mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
f58ee5acdd
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2525 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
22 lines
696 B
BlitzBasic
22 lines
696 B
BlitzBasic
SUMMARY = "LibYAML is a YAML 1.1 parser and emitter written in C."
|
|
DESCRIPTION = "LibYAML is a C library for parsing and emitting data in YAML 1.1, \
|
|
a human-readable data serialization format. "
|
|
HOMEPAGE = "http://pyyaml.org/wiki/LibYAML"
|
|
SECTION = "libs/devel"
|
|
|
|
LICENSE = "MIT"
|
|
LIC_FILES_CHKSUM = "file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17"
|
|
|
|
SRC_URI = "http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \
|
|
file://libyaml-CVE-2014-2525.patch \
|
|
"
|
|
|
|
SRC_URI[md5sum] = "24f6093c1e840ca5df2eb09291a1dbf1"
|
|
SRC_URI[sha256sum] = "fa87ee8fb7b936ec04457bc044cd561155e1000a4d25029867752e543c2d3bef"
|
|
|
|
S = "${WORKDIR}/yaml-${PV}"
|
|
|
|
inherit autotools
|
|
|
|
BBCLASSEXTEND = "native"
|