File amdgpu-fan-fix_yaml.patch of Package amdgpu-fan

From b0cb2d0da866c58329ce2edf146be1c41d3f6d8d Mon Sep 17 00:00:00 2001
From: David Toman <cz-themax@users.noreply.github.com>
Date: Sat, 15 Jan 2022 02:05:13 +0100
Subject: [PATCH] Update controller.py (#13)

It is reported that in PyYAML before 4.1, usage of yaml.load() function on untrusted input could lead to arbitrary code execution. It is therefore recommended to use yaml.safe_load() instead. With 4.1, yaml.load() has been changed to call safe_load().

* Report:          http://seclists.org/oss-sec/2018/q2/240
* Upstream change: https://github.com/yaml/pyyaml/pull/74
* CVE:             pending

--

Gentoo Security Scout
Vladimir Krstulja
---
 amdgpu_fan/controller.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/amdgpu_fan/controller.py b/amdgpu_fan/controller.py
index 8076b24..7c46b92 100644
--- a/amdgpu_fan/controller.py
+++ b/amdgpu_fan/controller.py
@@ -41,7 +41,7 @@ def main(self):
 def load_config(path):
     logger.debug(f'loading config from {path}')
     with open(path) as f:
-        return yaml.load(f)
+        return yaml.safe_load(f)
 
 
 def main():
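Review bot: The `+` line in `load_config` returns the result of `yaml.safe_load(f)` straight to the caller without checking its shape. `safe_load` returns `None` for an empty file and can return a list or a scalar when the top level of the document is not a mapping, so a truncated or mistyped config surfaces later as an unrelated `TypeError` or `AttributeError` rather than at load time. Consider assigning the result to a local, checking `isinstance(config, dict)`, and raising a clear error that names `path` when the check fails. Separately, `safe_load` raises `yaml.YAMLError` (for example a constructor error on Python-specific tags that `yaml.load` used to accept); catching it here and logging it with `path` would make a rejected config file easier to diagnose.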