Overview

File _patchinfo of Package patchinfo.25473

<patchinfo incident="25473">
  <issue tracker="bnc" id="1165439">VUL-0: CVE-2020-1747: python-PyYAML: PyYAML: arbitrary command execution through python/object/new when FullLoader is used</issue>
  <issue tracker="bnc" id="1174514">VUL-0: CVE-2020-14343: python-PyYAML: PyYAML: incomplete fix for CVE-2020-1747</issue>
  <issue tracker="cve" id="2020-14343"/>
  <issue tracker="cve" id="2020-1747"/>
  <packager>tinita</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python-PyYAML</summary>
  <description>This update for python-PyYAML fixes the following issues:

- CVE-2020-1747: Fixed an arbitrary code execution issue when parsing
  an untrusted YAML file with the default loader (bsc#1165439).
- CVE-2020-14343: Completed the fix for CVE-2020-1747 (bsc#1174514).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places