Package "golang-gopkg-yaml.v2-dev"

Name:	golang-gopkg-yaml.v2-dev
Description:	YAML support for the Go language
Latest version:	2.2.2-1ubuntu0.1
Release:	focal (20.04)
Level:	updates
Repository:	universe
Head package:	golang-yaml.v2
Homepage:	https://github.com/go-yaml/yaml/tree/v2

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "golang-gopkg-yaml.v2-dev"

All arch deb package

APT INSTALL

Other versions of "golang-gopkg-yaml.v2-dev" in Focal

Repository	Area	Version
base	universe	2.2.2-1
security	universe	2.2.2-1ubuntu0.1

Changelog

Version: 2.2.2-1ubuntu0.1 2023-08-14 10:06:46 UTC

golang-yaml.v2 (2.2.2-1ubuntu0.1) focal-security; urgency=medium * SECURITY UPDATE: DOS through excessive alias. - debian/patches/CVE-2021-4235.patch: Add logic to catch cases of alias abuse in decode.go. - CVE-2021-4235 * SECURITY_UPDATE: DOS through nested or expansion in large documents. - debian/patches/CVE-2022-3064.patch: Improve heuristics preventing CPU/memory abuse in decode.go and scannerc.go. - CVE-2022-3064 -- David Fernandez Gonzalez <email address hidden> Fri, 11 Aug 2023 09:47:30 +0200

CVE-2021-4235	Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input,
CVE-2022-3064	Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

About - Send Feedback to @ubuntu_updates

Package "golang-gopkg-yaml.v2-dev"

Links

Download "golang-gopkg-yaml.v2-dev"

Other versions of "golang-gopkg-yaml.v2-dev" in Focal

Changelog

Share this page

Bookmarks

Latest updates

security

proposed

updates

PPA updates