Package "snakeyaml"
| Name: |
snakeyaml
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- YAML parser and emitter for the Java programming language
- Documentation for SnakeYAML
|
| Latest version: |
1.29-1ubuntu0.22.04.1 |
| Release: |
jammy (22.04) |
| Level: |
security |
| Repository: |
universe |
Links
Other versions of "snakeyaml" in Jammy
Packages in group
Deleted packages are displayed in grey.
Changelog
|
snakeyaml (1.29-1ubuntu0.22.04.1) jammy-security; urgency=medium
* SECURITY UPDATE: Denial of service due to stack overflow
- debian/patches/CVE-2022-25857.patch: Restrict nested depth for
collections to avoid DoS attacks.
- CVE-2022-25857
- CVE-2022-38749
* SECURITY UPDATE: Denial of service due to stack overflow
- debian/patches/CVE-2022-38750.patch: Adds test for upstream issue 526.
- CVE-2022-38750
* SECURITY UPDATE: Denial of service due to stack overflow
- debian/patches/CVE-2022-38751.patch: Add resolver limits to avoid DoS
attacks.
- CVE-2022-38751
-- Fabian Toepfer <email address hidden> Thu, 09 Mar 2023 19:37:24 +0100
|
| CVE-2022-25857 |
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collection |
| CVE-2022-38749 |
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, |
| CVE-2022-38750 |
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, |
| CVE-2022-38751 |
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, |
|
About
-
Send Feedback to @ubuntu_updates
