[Bug 1033990] CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML tags

bugzilla at redhat.com
Fri Aug 8 19:26:33 UTC 2014


https://bugzilla.redhat.com/show_bug.cgi?id=1033990

Kurt Seifried <kseifried at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|impact=moderate,public=2014 |impact=moderate,public=2014
                   |0127,reported=20131122,sour |0127,reported=20131122,sour
                   |ce=redhat,cvss2=4.3/AV:A/AC |ce=redhat,cvss2=4.3/AV:A/AC
                   |:H/Au:N/C:P/I:P/A:P,rhel-6/ |:H/Au:N/C:P/I:P/A:P,rhel-6/
                   |libyaml=affected,rhel-7/lib |libyaml=affected,rhel-7/lib
                   |yaml=affected,rhscl-1/ruby1 |yaml=affected,rhscl-1/ruby1
                   |93-libyaml=affected,rhscl-1 |93-libyaml=affected,rhscl-1
                   |/libyaml=affected,fedora-al |/libyaml=affected,fedora-al
                   |l/libyaml=affected,epel-all |l/libyaml=affected,epel-all
                   |/libyaml=affected,mrg-1/lib |/libyaml=affected,mrg-1/lib
                   |yaml=wontfix,mrg-2/libyaml= |yaml=wontfix,mrg-2/libyaml=
                   |wontfix,rhn_satellite_5.3/l |wontfix,rhn_satellite_5.3/l
                   |ibyaml=wontfix,rhn_satellit |ibyaml=wontfix,rhn_satellit
                   |e_5.4/libyaml=wontfix,rhn_s |e_5.4/libyaml=wontfix,rhn_s
                   |atellite_5.5/libyaml=wontfi |atellite_5.5/libyaml=wontfi
                   |x,rhn_satellite_5.6/libyaml |x,rhn_satellite_5.6/libyaml
                   |=wontfix,rhn_satellite_6/li |=wontfix,rhn_satellite_6/li
                   |byaml=affected,rhn_satellit |byaml=affected,rhn_satellit
                   |e_6/ruby193-libyaml=affecte |e_6/ruby193-libyaml=affecte
                   |d,rhui-2/libyaml=defer,sam- |d,rhui-2/libyaml=wontfix,sa
                   |1/libyaml=defer,cfme-5/ming |m-1/libyaml=defer,cfme-5/mi
                   |w-libyaml=wontfix,cfme-5/ru |ngw-libyaml=wontfix,cfme-5/
                   |by193-libyaml=wontfix,opens |ruby193-libyaml=wontfix,ope
                   |tack-3/libyaml=affected,ope |nstack-3/libyaml=affected,o
                   |nstack-3/ruby193-libyaml=af |penstack-3/ruby193-libyaml=
                   |fected,openstack-4/libyaml= |affected,openstack-4/libyam
                   |affected,openshift-enterpri |l=affected,openshift-enterp
                   |se-1/ruby193-libyaml=wontfi |rise-1/ruby193-libyaml=wont
                   |x,openshift-1/ruby193-libya |fix,openshift-1/ruby193-lib
                   |ml=affected,fedora-all/perl |yaml=affected,fedora-all/pe
                   |-YAML-LibYAML=affected,epel |rl-YAML-LibYAML=affected,ep
                   |-6/perl-YAML-LibYAML=affect |el-6/perl-YAML-LibYAML=affe
                   |ed                          |cted



--- Comment #51 from Kurt Seifried <kseifried at redhat.com> ---
Red Hat Update Infrastructure 2.1.3 is now in Production 2 Phase of the support
and maintenance life cycle. This has been rated as having Moderate security
impact and is not currently planned to be addressed in future updates. For
additional information, refer to the Red Hat Update Infrastructure Life Cycle:
https://access.redhat.com/support/policy/updates/rhui.



More information about the perl-devel mailing list