Advisories ยป MGASA-2015-0004

Updated python-yaml packages fix security vulnerability

Publication date: 05 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9130


Updated python-yaml packages fix security vulnerability:

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way
wrapped strings are parsed in Python-YAML, a YAML parser and emitter for
Python. An attacker able to load specially crafted YAML input into an
application using python-yaml could cause the application to crash.

This issue is similar to CVE-2014-9130, but the assertion was independently
implemented in Python-YAML.