Debian Package Tracker

general

source: yaml-cpp (main)
version: 0.6.2-4
maintainer: Simon Quigley (DMD)
arch: any
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.5.1-1
oldstable: 0.5.2-4
stable: 0.6.2-4
testing: 0.6.2-4
unstable: 0.6.2-4

versioned links

0.5.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.5.2-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.6.2-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libyaml-cpp-dev (2 bugs: 0, 2, 0, 0)
libyaml-cpp0.6

action needed

A new upstream version is available: 0.6.3 high

A new upstream version 0.6.3 is available, you should consider packaging it.

Created: 2019-09-29 Last update: 2020-02-21 14:07

6 security issues in bullseye high

There are 6 open security issues in bullseye.

6 important issues:

CVE-2018-20574: The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2018-20573: The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2017-11692: The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string.
CVE-2017-5950: The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2019-6292: An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.
CVE-2019-6285: The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Please fix them.

Created: 2019-07-07 Last update: 2019-10-21 00:30

6 security issues in sid high

There are 6 open security issues in sid.

6 important issues:

CVE-2018-20574: The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2018-20573: The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2017-11692: The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string.
CVE-2017-5950: The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2019-6292: An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.
CVE-2019-6285: The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Please fix them.

Created: 2017-04-03 Last update: 2019-10-21 00:30

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2020-02-18 Last update: 2020-02-21 18:34

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

libyaml-cpp-dev could be marked Multi-Arch: same

Created: 2019-01-08 Last update: 2020-02-21 15:05

6 ignored security issues in buster low

There are 6 open security issues in buster.

6 issues skipped by the security teams:

CVE-2018-20574: The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2018-20573: The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2017-11692: The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string.
CVE-2017-5950: The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2019-6292: An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.
CVE-2019-6285: The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Please fix them.

Created: 2017-06-18 Last update: 2019-10-21 00:30

6 ignored security issues in jessie low

There are 6 open security issues in jessie.

6 issues skipped by the security teams:

CVE-2018-20574: The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2018-20573: The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2017-11692: The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string.
CVE-2017-5950: The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2019-6292: An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.
CVE-2019-6285: The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Please fix them.

Created: 2017-04-03 Last update: 2019-10-21 00:30

6 ignored security issues in stretch low

There are 6 open security issues in stretch.

6 issues skipped by the security teams:

CVE-2018-20574: The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2018-20573: The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2017-11692: The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string.
CVE-2017-5950: The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2019-6292: An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.
CVE-2019-6285: The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Please fix them.

Created: 2017-04-03 Last update: 2019-10-21 00:30

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2014-07-02 Last update: 2019-01-08 07:57

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.3.0).

Created: 2019-07-08 Last update: 2020-01-21 05:06

news

[rss feed]

[2019-01-13] yaml-cpp 0.6.2-4 MIGRATED to testing (Debian testing watch)
[2019-01-07] Accepted yaml-cpp 0.6.2-4 (source) into unstable (Simon Quigley)
[2019-01-05] Accepted yaml-cpp 0.6.2-3 (source) into experimental (Simon Quigley)
[2018-12-24] Accepted yaml-cpp 0.6.2-2 (source) into experimental (Simon Quigley)
[2018-12-12] yaml-cpp 0.5.3-0.2 MIGRATED to testing (Debian testing watch)
[2018-12-03] Accepted yaml-cpp 0.6.2-1 (source amd64) into experimental, experimental (Simon Quigley)
[2018-11-23] Accepted yaml-cpp 0.5.3-0.2 (source amd64) into unstable, unstable (Julian Andres Klode)
[2018-11-19] Accepted yaml-cpp 0.5.3-0.1 (source) into unstable (Boyuan Yang)
[2018-11-19] Accepted yaml-cpp 0.5.2-4.1 (source) into unstable (Boyuan Yang)
[2016-10-18] yaml-cpp 0.5.2-4 MIGRATED to testing (Debian testing watch)
[2016-10-13] Accepted yaml-cpp 0.5.2-4 (source amd64) into unstable (Paul Novotny)
[2016-07-08] yaml-cpp 0.5.2-3.1 MIGRATED to testing (Debian testing watch)
[2016-07-02] Accepted yaml-cpp 0.5.2-3.1 (source) into unstable (Christian Hofstaedtler)
[2015-12-06] yaml-cpp 0.5.2-3 MIGRATED to testing (Debian testing watch)
[2015-12-01] Accepted yaml-cpp 0.5.2-3 (source amd64) into unstable (Paul Novotny)
[2015-09-10] yaml-cpp 0.5.2-2 MIGRATED to testing (Britney)
[2015-09-04] Accepted yaml-cpp 0.5.2-2 (amd64 source) into unstable, unstable (Paul Novotny) (signed by: Simon McVittie)
[2015-05-02] yaml-cpp 0.5.2-1 MIGRATED to testing (Britney)
[2015-04-26] Accepted yaml-cpp 0.5.2-1 (source amd64) into unstable (Paul Novotny) (signed by: Andreas Tille)
[2015-02-21] Accepted yaml-cpp 0.5.1+hg20150210-1 (source amd64) into experimental (Andreas Tille)
[2013-12-23] yaml-cpp 0.5.1-1 MIGRATED to testing (Debian testing watch)
[2013-09-03] Accepted yaml-cpp 0.5.1-1 (source amd64) (Lifeng Sun)
[2012-06-18] yaml-cpp 0.3.0-1 MIGRATED to testing (Debian testing watch)
[2012-06-07] Accepted yaml-cpp 0.3.0-1 (source amd64) (Lifeng Sun)

bugs [bug history graph]

all: 11
RC: 0
I&N: 11
M&W: 0
F&P: 0
patch: 1

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.6.2-4fakesync1