Date: Mon, 27 Apr 2020 20:22:43 +0000 (UTC) From: Josh Paetzel <jpaetzel@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r533167 - head/devel/py-yaml Message-ID: <202004272022.03RKMhm7046267@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jpaetzel Date: Mon Apr 27 20:22:42 2020 New Revision: 533167 URL: https://svnweb.freebsd.org/changeset/ports/533167 Log: Update to 5.3.1 This release contains a security fix for CVE-2020-1747. FullLoader was still exploitable for arbitrary command execution. https://bugzilla.redhat.com/show_bug.cgi?id=1807367 Thanks to Riccardo Schirone (https://github.com/ret2libc) for both reporting this and providing the fixes to resolve it. - https://github.com/yaml/pyyaml/pull/386 PR: 245937 Submitted by: daniel.engberg.lists@pyret.net MFH: 2020Q2 Security: http://vuxml.freebsd.org/freebsd/aae8fecf-888e-11ea-9714-08002718de91.html Modified: head/devel/py-yaml/Makefile head/devel/py-yaml/distinfo Modified: head/devel/py-yaml/Makefile ============================================================================== --- head/devel/py-yaml/Makefile Mon Apr 27 20:20:39 2020 (r533166) +++ head/devel/py-yaml/Makefile Mon Apr 27 20:22:42 2020 (r533167) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= yaml -PORTVERSION= 5.2 +PORTVERSION= 5.3.1 CATEGORIES= devel python MASTER_SITES= CHEESESHOP PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} Modified: head/devel/py-yaml/distinfo ============================================================================== --- head/devel/py-yaml/distinfo Mon Apr 27 20:20:39 2020 (r533166) +++ head/devel/py-yaml/distinfo Mon Apr 27 20:22:42 2020 (r533167) @@ -1,3 +1,3 @@ -TIMESTAMP = 1575414761 -SHA256 (PyYAML-5.2.tar.gz) = c0ee8eca2c582d29c3c2ec6e2c4f703d1b7f1fb10bc72317355a746057e7346c -SIZE (PyYAML-5.2.tar.gz) = 265687 +TIMESTAMP = 1587917471 +SHA256 (PyYAML-5.3.1.tar.gz) = b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d +SIZE (PyYAML-5.3.1.tar.gz) = 269377
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202004272022.03RKMhm7046267>