stable

PyYAML-5.1-1.fc29

FEDORA-2019-bed9afe622 created by jeckersb 5 years ago for Fedora 29

New upstream release 5.1 (#1688414). Fixes CVE-2017-18342 (#1595744).

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2019-bed9afe622

This update has been submitted for testing by jeckersb.

5 years ago

This update has been pushed to testing.

5 years ago

cserpentis commented & provided feedback 5 years ago

works for me

besser82 commented & provided feedback 5 years ago

Works great! LGTM! =)

filiperosset commented & provided feedback 5 years ago

no regressions noted

This update has been submitted for batched by bodhi.

5 years ago

This update has been submitted for stable by bodhi.

5 years ago

This update has been pushed to stable.

5 years ago

churchyard commented & provided feedback 5 years ago

Are we sure this is API compatible enough to go into stable Fedoras? See for example https://bugzilla.redhat.com/show_bug.cgi?id=1692172

jeckersb commented & provided feedback 5 years ago

The API does not change, only the deprecation warning is added. The test suite in the linked bug fails only because it treats all warnings as errors, not because of any API change.

churchyard commented & provided feedback 5 years ago

I consider raising a new warning as a change of API, but I realize that it is probably disputable. Anyway, the update is in stable, probably too late to change anything, let's not bike shed then. I was surprised by this, and others might be as well. I'd consider an e-mail to dependent package maintainers as a reasonable thing to do.

churchyard commented & provided feedback 5 years ago

(I'll send it.)


Metadata
Type: security
Severity: medium
Karma: 3
Signed
Content Type: RPM
Test Gating
Autopush Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: disabled
Dates
submitted: 5 years ago
in testing: 5 years ago
in stable: 5 years ago

BZ#1595744 CVE-2017-18342 PyYAML: yaml.load() API could execute arbitrary code [fedora-all]
BZ#1688414 PyYAML-5.1 is available