YAML-LibYAML 0.01 Deleted
Security Advisories
Need SafeLoad and SafeDump analog to python
Fixed version: >=0.69
Reported: 2016-03-10
CVE-2014-9130
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
- http://www.openwall.com/lists/oss-security/2014/11/29/3
- http://www.openwall.com/lists/oss-security/2014/11/28/8
- https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
- http://www.securityfocus.com/bid/71349
- http://secunia.com/advisories/59947
- https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
- http://secunia.com/advisories/60944
- http://www.openwall.com/lists/oss-security/2014/11/28/1
- http://linux.oracle.com/errata/ELSA-2015-0100.html
- http://secunia.com/advisories/62723
- http://secunia.com/advisories/62705
- http://secunia.com/advisories/62774
- http://www.ubuntu.com/usn/USN-2461-2
- http://www.ubuntu.com/usn/USN-2461-3
- http://www.ubuntu.com/usn/USN-2461-1
- http://rhn.redhat.com/errata/RHSA-2015-0100.html
- http://www.debian.org/security/2014/dsa-3103
- http://rhn.redhat.com/errata/RHSA-2015-0112.html
- http://www.debian.org/security/2014/dsa-3102
- http://www.debian.org/security/2014/dsa-3115
- http://rhn.redhat.com/errata/RHSA-2015-0260.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:242
- http://advisories.mageia.org/MGASA-2014-0508.html
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
- http://secunia.com/advisories/62176
- http://secunia.com/advisories/62174
- http://secunia.com/advisories/62164
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99047
- https://puppet.com/security/cve/cve-2014-9130
Fixed version: >=0.54
Reported: 2014-12-08
Kwalitee Issues
- no_pod_errors
-
Remove the POD errors. You can check for POD errors automatically by including Test::Pod to your test suite.
Error: YAML-LibYAML-0.01/lib/YAML/LibYAML.pm -- Around line 54: Non-ASCII character seen before =encoding in 'döt'. Assuming UTF-8
- has_meta_json
-
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- proper_libs
-
Move your *.pm files in a directory named 'lib'. The directory structure should look like 'lib/Your/Module.pm' for a module named 'Your::Module'. If you need to provide additional files, e.g. for testing, that should not be considered for Kwalitee, then you should look at the 'provides' map in META.yml to limit the files scanned; or use the 'no_index' map to exclude parts of the distribution.
Error: LibYAML/lib/YAML/LibYAML/XS.pm
- meta_yml_has_provides
-
Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.
- meta_yml_has_repository_resource
-
Add a 'repository' resource to the META.yml via 'meta_add' accessor (for Module::Build) or META_ADD parameter (for ExtUtils::MakeMaker).
- has_separate_license_file
-
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.