Package "libyaml-snake-java"
Name: |
libyaml-snake-java
|
Description: |
YAML parser and emitter for the Java programming language
|
Latest version: |
1.29-1ubuntu0.22.04.1 |
Release: |
jammy (22.04) |
Level: |
security |
Repository: |
universe |
Head package: |
snakeyaml |
Homepage: |
https://bitbucket.org/asomov/snakeyaml |
Links
Download "libyaml-snake-java"
Other versions of "libyaml-snake-java" in Jammy
Changelog
snakeyaml (1.29-1ubuntu0.22.04.1) jammy-security; urgency=medium
* SECURITY UPDATE: Denial of service due to stack overflow
- debian/patches/CVE-2022-25857.patch: Restrict nested depth for
collections to avoid DoS attacks.
- CVE-2022-25857
- CVE-2022-38749
* SECURITY UPDATE: Denial of service due to stack overflow
- debian/patches/CVE-2022-38750.patch: Adds test for upstream issue 526.
- CVE-2022-38750
* SECURITY UPDATE: Denial of service due to stack overflow
- debian/patches/CVE-2022-38751.patch: Add resolver limits to avoid DoS
attacks.
- CVE-2022-38751
-- Fabian Toepfer <email address hidden> Thu, 09 Mar 2023 19:37:24 +0100
|
CVE-2022-25857 |
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collection |
CVE-2022-38749 |
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, |
CVE-2022-38750 |
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, |
CVE-2022-38751 |
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, |
|
About
-
Send Feedback to @ubuntu_updates