Accepted snakeyaml 1.23-1+deb10u1 (source) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted snakeyaml 1.23-1+deb10u1 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 02 Oct 2022 21:30:20 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: snakeyaml_1.23-1+deb10u1_source.changes
- Debian-source: snakeyaml
- Debian-suite: oldstable
- Debian-version: 1.23-1+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=4sDe/BxH73gWJxuLs8TcnUth1FTeihXukR9ktplYrX8=; b=t4oEy26KzqvXCwLBpwmhr0RgS2 nBpFHn4NRnUVy0UuUAiEuZ9lohqm3/T+Hwz/F33gpBPXxZMpHJz2snsY2Ev+QykZb9K7yLcDLEqWy P774qGNYIDrucrhZsb7DExcfRnx0l9tmIGkU0xkmQ4xF2XHGqzy/jxcxvXaq8lKS26ljQxq/VvpOj tHuXn9dd6StrBBN7E1kbmm44xTO6jP0uJ3kCH+UnTyLX4cKKhP8MXfHaGGplOx6rEBIGe2pYStKW8 +DabgNrgzCkSKofnn6bv3fNI7d4oceIEQ6I5rBOVqz72EBXlS/NuufWCTExW+4e/g7fBUdqX/PR+J Z5RuCOHw==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1of6XU-009Y2F-No@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 2 Oct 2022 23:11:48 CEST
Source: snakeyaml
Architecture: source
Version: 1.23-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
deaad2102b8e49bd5f049bfb7d7583df691d7e7f 2394 snakeyaml_1.23-1+deb10u1.dsc
6544f5a4fce9a8b1fecf3da258736b3a61ebe068 263228 snakeyaml_1.23.orig.tar.xz
a72dcffbaa299e4b0d39fc9d5d5af9888dbd721f 13040 snakeyaml_1.23-1+deb10u1.debian.tar.xz
ffdc07bcda8252b7e85252e7132ace9c3aa70f48 14030 snakeyaml_1.23-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
bea24a775ec5b01be69613a309f23b311f067f8986768e55db8488d030110685 2394 snakeyaml_1.23-1+deb10u1.dsc
2746d5d594bcc1597bf950f76e5d191bf7722236c208bc3df5f09eabfd8e7659 263228 snakeyaml_1.23.orig.tar.xz
40e4e0e6b3d6753416a2f37bc1f7393a39f0ef81b64ff07651c3aa6bcf96554b 13040 snakeyaml_1.23-1+deb10u1.debian.tar.xz
cbdf402b8a383de457c06c4a9321b13dc33b27bd9a476c6c4187e13719732892 14030 snakeyaml_1.23-1+deb10u1_amd64.buildinfo
Changes:
snakeyaml (1.23-1+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2022-25857, CVE-2022-38749, CVE-2022-38750 and CVE-2022-38751.
Several security vulnerabilities have been discovered in SnakeYaml, a YAML
parser for Java, which could facilitate a denial of service attack whenever
maliciously crafted input files are processed by SnakeYaml.
Files:
62210a77b4375d1d8856a29cab7be14e 2394 java optional snakeyaml_1.23-1+deb10u1.dsc
3df78afc2f9eaf6f30a3cb53bdb5fcc3 263228 java optional snakeyaml_1.23.orig.tar.xz
9bb0000aa239f65260dc58b59f92b9d4 13040 java optional snakeyaml_1.23-1+deb10u1.debian.tar.xz
e1640d24d07edd089ff47f39af9c87e2 14030 java optional snakeyaml_1.23-1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmM5/rZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkNvwQAMPDWVvTw4Zn+QWDysXoH6D2jGHroobIpOMf
5Lga5CDSbeASjhwtHScg+Hju9/ktpYSeSdKcx+PA2dU+C8segNHY5c60HiiIOa2S
uvQHBqE75OudlbsmCrO2WzLxVgn5bkASr2N8TcFP9zh3h1fyz0w1GyEqlVo2+Nkn
ISmuEeuivLYqMUTLSvUi9CI0baKr2Nw11VmveDuPj/neYgVoG+SkaPsMQNk0C0Jv
e0Y8bH6/n1SoeklPPFUPshHKF3XiaUyTB+/+dKOR4qQvbTrV1dNj7aW9NaPZmF4i
kRkuKRVT5DsvEFhZUXOR6pp9IOI72Xw736WF2hMOszUMXl+PRro/dVzR6iM87QT7
nFd5RrZNkxL0wQugzMIf0Htk7rcKQxuChBtVi0P8KG8XtuKAk/f/5IrzyTgdz9FT
5jD50KYpZFrgSzsgvMz4noUkK7bcKboRaS3Tt9yMGJHzaVrh61o4FzhomGuR9BXz
/aOo+MRCwtWfindDeywTPJ7/t5YDXWvB+84IF+prbuAGDhVtnDscw5rM1d2de3Ee
zRze5hYyrPJheU98taxv/EA3SedW0GuQq+qqEdRLg4sYo/jtd9whUA3g12YuiX1I
FkVhwtcTRws//zkdKZgTzXU12nhnXYaAArEggKwUeWbc5vm7hKCoZZfDmMJ281re
WqRqadYs
=+X6I
-----END PGP SIGNATURE-----