Package "snakeyaml"
Name: |
snakeyaml
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- YAML parser and emitter for the Java programming language
- Documentation for SnakeYAML
|
Latest version: |
1.25+ds-2ubuntu0.1 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
universe |
Links
Other versions of "snakeyaml" in Focal
Packages in group
Deleted packages are displayed in grey.
Changelog
snakeyaml (1.25+ds-2ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Denial of service due to stack overflow
- debian/patches/CVE-2022-25857.patch: Restrict nested depth for
collections to avoid DoS attacks.
- CVE-2022-25857
- CVE-2022-38749
* SECURITY UPDATE: Denial of service due to stack overflow
- debian/patches/CVE-2022-38750.patch: Adds test for upstream issue 526.
- CVE-2022-38750
* SECURITY UPDATE: Denial of service due to stack overflow
- debian/patches/CVE-2022-38751.patch: Add resolver limits to avoid DoS
attacks.
- CVE-2022-38751
-- Fabian Toepfer <email address hidden> Thu, 09 Mar 2023 19:41:51 +0100
|
CVE-2022-25857 |
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collection |
CVE-2022-38749 |
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, |
CVE-2022-38750 |
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, |
CVE-2022-38751 |
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, |
|
About
-
Send Feedback to @ubuntu_updates