YAML-LibYAML 0.47 Deleted
Security Advisories
Need SafeLoad and SafeDump analog to python
Fixed version: >=0.69
Reported: 2016-03-10
CVE-2014-9130
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
- http://www.openwall.com/lists/oss-security/2014/11/29/3
- http://www.openwall.com/lists/oss-security/2014/11/28/8
- https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
- http://www.securityfocus.com/bid/71349
- http://secunia.com/advisories/59947
- https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
- http://secunia.com/advisories/60944
- http://www.openwall.com/lists/oss-security/2014/11/28/1
- http://linux.oracle.com/errata/ELSA-2015-0100.html
- http://secunia.com/advisories/62723
- http://secunia.com/advisories/62705
- http://secunia.com/advisories/62774
- http://www.ubuntu.com/usn/USN-2461-2
- http://www.ubuntu.com/usn/USN-2461-3
- http://www.ubuntu.com/usn/USN-2461-1
- http://rhn.redhat.com/errata/RHSA-2015-0100.html
- http://www.debian.org/security/2014/dsa-3103
- http://rhn.redhat.com/errata/RHSA-2015-0112.html
- http://www.debian.org/security/2014/dsa-3102
- http://www.debian.org/security/2014/dsa-3115
- http://rhn.redhat.com/errata/RHSA-2015-0260.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:242
- http://advisories.mageia.org/MGASA-2014-0508.html
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
- http://secunia.com/advisories/62176
- http://secunia.com/advisories/62174
- http://secunia.com/advisories/62164
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99047
- https://puppet.com/security/cve/cve-2014-9130
Fixed version: >=0.54
Reported: 2014-12-08
CVE-2012-1152
Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.
- https://bugzilla.redhat.com/show_bug.cgi?id=801738
- https://rt.cpan.org/Public/Bug/Display.html?id=46507
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077023.html
- http://www.openwall.com/lists/oss-security/2012/03/10/4
- http://www.openwall.com/lists/oss-security/2012/03/09/6
- http://www.debian.org/security/2012/dsa-2432
- http://www.securityfocus.com/bid/52381
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077782.html
- https://rt.cpan.org/Public/Bug/Display.html?id=75365
- http://secunia.com/advisories/48317
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077004.html
- http://lists.opensuse.org/opensuse-updates/2012-08/msg00029.html
- http://secunia.com/advisories/50277
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73856
Fixed version: >=0.57
Reported: 2012-09-09
Kwalitee Issues
No Core Issues.
- has_tests_in_t_dir
  Add tests or move tests.pl to the t/ directory!
- proper_libs
  Move your *.pm files in a directory named 'lib'. The directory structure should look like 'lib/Your/Module.pm' for a module named 'Your::Module'. If you need to provide additional files, e.g. for testing, that should not be considered for Kwalitee, then you should look at the 'provides' map in META.yml to limit the files scanned; or use the 'no_index' map to exclude parts of the distribution.
  Error: LibYAML/lib/YAML/XS/LibYAML.pm
- meta_yml_has_provides
  Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.