Bug#661548: libyaml-libyaml-perl: FTBFS with hardening flags enabled: -Werror=format-security
Niko Tyni
ntyni at debian.org
Sat Mar 10 07:06:16 UTC 2012
retitle 661548 libyaml-libyaml-perl: CVE-2012-1152: Format string vulnerabilities in YAML parsing
thanks
On Fri, Mar 09, 2012 at 08:09:54AM +0200, Niko Tyni wrote:
> severity 661548 grave
> tag 661548 security
> found 661548 0.33-1
> thanks
>
> On Mon, Feb 27, 2012 at 09:44:42PM +0000, Dominic Hargreaves wrote:
> > Source: libyaml-libyaml-perl
> > Severity: normal
> > Version: 0.38-1
> > User: debian-qa at lists.debian.org
> > Usertags: hardening-format-security hardening
> >
> > With hardening flags enabled, this package FTBFS:
> These format strings can be injected from user input,
> so raising the severity. A DSA will be issued for squeeze.
This is CVE-2012-1152.
http://seclists.org/oss-sec/2012/q1/609
--
Niko Tyni ntyni at debian.org
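
The class of call that -Werror=format-security rejects, as an added example (not code from libyaml-libyaml-perl or from this thread): a message containing input text is passed as the format argument, next to the form with a constant format. `report_error`, `build_msg` and the input fragment are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style error reporter: formats into out, returns out. */
static char *report_error(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return out;
}

/* Hypothetical helper: builds a parser-style message embedding input text. */
static char *build_msg(char *msg, size_t n, const char *input_fragment)
{
    snprintf(msg, n, "parse error near '%s'", input_fragment);
    return msg;
}

/* Flagged pattern: the message, which contains input text, IS the format,
 * so any '%' directive in the input is interpreted by the formatter. */
static char *report_unsafe(char *out, size_t n, const char *input_fragment)
{
    char msg[128];
    build_msg(msg, sizeof msg, input_fragment);
    return report_error(out, n, msg);
}

/* Fixed pattern: constant format string, message passed only as data. */
static char *report_safe(char *out, size_t n, const char *input_fragment)
{
    char msg[128];
    build_msg(msg, sizeof msg, input_fragment);
    return report_error(out, n, "%s", msg);
}

int main(void)
{
    /* Constructed input. "%%" takes no argument, so this run is well
     * defined; a directive that consumes an argument would not be. */
    const char *fragment = "a%%b";
    char out[128];
    printf("unsafe: %s\n", report_unsafe(out, sizeof out, fragment));
    printf("safe:   %s\n", report_safe(out, sizeof out, fragment));
    return 0;
}
```

The unsafe path alters the reported text because the formatter parsed the input; the safe path reproduces it byte for byte.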