Publishing details

Published on 2023-08-14
Copied from ubuntu focal in PPA for Ubuntu Security Proposed by David Fernandez Gonzalez

Changelog

golang-yaml.v2 (2.2.2-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: DOS through excessive alias.
    - debian/patches/CVE-2021-4235.patch: Add logic to catch cases of
      alias abuse in decode.go.
    - CVE-2021-4235
  * SECURITY_UPDATE: DOS through nested or expansion in large documents.
    - debian/patches/CVE-2022-3064.patch: Improve heuristics preventing
      CPU/memory abuse in decode.go and scannerc.go.
    - CVE-2022-3064

 -- David Fernandez Gonzalez <email address hidden>  Fri, 11 Aug 2023 09:47:30 +0200

Available diffs

diff from 2.2.2-1 (in Debian) to 2.2.2-1ubuntu0.1 (4.1 KiB)

Builds

amd64

Built packages

golang-gopkg-yaml.v2-dev YAML support for the Go language

golang-yaml.v2-dev Transitional package for golang-gopkg-yaml.v2-dev

Package files

golang-gopkg-yaml.v2-dev_2.2.2-1ubuntu0.1_all.deb (59.0 KiB)
golang-yaml.v2-dev_2.2.2-1ubuntu0.1_all.deb (2.3 KiB)
golang-yaml.v2_2.2.2-1ubuntu0.1.debian.tar.xz (7.7 KiB)
golang-yaml.v2_2.2.2-1ubuntu0.1.dsc (2.4 KiB)
golang-yaml.v2_2.2.2.orig.tar.gz (69.0 KiB)