YAML-LibYAML 0.38 Deleted
Security Advisories
Need SafeLoad and SafeDump analog to python
Fixed version: >=0.69
Reported: 2016-03-10
CVE-2014-9130
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
- http://www.openwall.com/lists/oss-security/2014/11/29/3
- http://www.openwall.com/lists/oss-security/2014/11/28/8
- https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
- http://www.securityfocus.com/bid/71349
- http://secunia.com/advisories/59947
- https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
- http://secunia.com/advisories/60944
- http://www.openwall.com/lists/oss-security/2014/11/28/1
- http://linux.oracle.com/errata/ELSA-2015-0100.html
- http://secunia.com/advisories/62723
- http://secunia.com/advisories/62705
- http://secunia.com/advisories/62774
- http://www.ubuntu.com/usn/USN-2461-2
- http://www.ubuntu.com/usn/USN-2461-3
- http://www.ubuntu.com/usn/USN-2461-1
- http://rhn.redhat.com/errata/RHSA-2015-0100.html
- http://www.debian.org/security/2014/dsa-3103
- http://rhn.redhat.com/errata/RHSA-2015-0112.html
- http://www.debian.org/security/2014/dsa-3102
- http://www.debian.org/security/2014/dsa-3115
- http://rhn.redhat.com/errata/RHSA-2015-0260.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:242
- http://advisories.mageia.org/MGASA-2014-0508.html
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
- http://secunia.com/advisories/62176
- http://secunia.com/advisories/62174
- http://secunia.com/advisories/62164
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99047
- https://puppet.com/security/cve/cve-2014-9130
Fixed version: >=0.54
Reported: 2014-12-08
Kwalitee Issues
- meta_yml_conforms_to_known_spec
Take a look at the META.yml Spec at https://metacpan.org/pod/CPAN::Meta::History::Meta_1_4 (for version 1.4) or https://metacpan.org/pod/CPAN::Meta::Spec (for version 2), and change your META.yml accordingly.
Error: 'HASH(...)' for 'repository' does not have a URL scheme (resources -> repository) [Validation: 1.4];Missing mandatory field, 'abstract' (abstract) [Validation: 1.4];value is an undefined string (abstract) [Validation: 1.4]
- main_module_version_matches_dist_version
Make sure that the main module name and version are the same as those of the distribution.
- has_meta_json
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- has_tests_in_t_dir
Add tests or move tests.pl to the t/ directory!
- proper_libs
Move your *.pm files into a directory named 'lib'. The directory structure should look like 'lib/Your/Module.pm' for a module named 'Your::Module'. If you need to provide additional files, e.g. for testing, that should not be considered for Kwalitee, then you should look at the 'provides' map in META.yml to limit the files scanned, or use the 'no_index' map to exclude parts of the distribution.
Error: LibYAML/lib/YAML/XS/LibYAML.pm
- use_warnings
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: YAML::XS
- consistent_version
Split the distribution, or fix the version numbers to make them consistent (use the highest version number to avoid version downgrade).
Error: 0.18,0.38
- meta_yml_has_provides
Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.