We believe that the bug you reported is fixed in the latest version of
golang-gopkg-yaml.v3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1011338@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Anthony Fok <foka@debian.org> (supplier of updated golang-gopkg-yaml.v3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Mon, 13 Jun 2022 04:56:55 -0600
Source: golang-gopkg-yaml.v3
Architecture: source
Version: 3.0.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
Changed-By: Anthony Fok <foka@debian.org>
Closes: 1011338
Changes:
 golang-gopkg-yaml.v3 (3.0.1-1) unstable; urgency=medium
 .
   * New upstream version 3.0.1
     + CVE-2022-28948 - crash when attempting to deserialize invalid input
       Thanks to Neil William for the Debian bug report! (Closes: #1011338)
       See also https://github.com/go-yaml/yaml/issues/666
   * Change debian/watch to track v3 release tarballs
     now that v3.0.0 and v3.0.1 have been released
   * Reorder fields in debian/control and debian/copyright
   * Update comment in debian/watch according to upstream LICENSE file
   * Mark library package with "Multi-Arch: foreign"
   * Bump Standards-Version to 4.6.1 (no change)