Back to bug 1860466
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2020-07-24 17:22:14 UTC | Summary | PyYAML: incomplete fix for CVE-2020-1747 | CVE-2020-14343 PyYAML: incomplete fix for CVE-2020-1747 |
| | | Alias | CVE-2020-14343 | |
| Guilherme de Almeida Suckevicz | 2020-07-24 17:34:07 UTC | Depends On | 1860470, 1860469, 1860468 | |
| Guilherme de Almeida Suckevicz | 2020-07-24 17:35:12 UTC | Blocks | 1860471 | |
| Riccardo Schirone | 2020-07-29 13:34:05 UTC | Doc Text | A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. | |
| Riccardo Schirone | 2020-07-29 14:29:05 UTC | Depends On | 1861784, 1861785 | |
| RaTasha Tillery-Smith | 2020-07-30 17:17:26 UTC | Doc Text | A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. | A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. |
| PnT Account Manager | 2020-08-21 21:33:07 UTC | CC | jschorr | |
| Huzaifa S. Sidhpurwala | 2020-12-24 10:36:26 UTC | Depends On | 1910657 | |
| John Eckersberg | 2021-01-15 14:14:07 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | RAWHIDE |
| | | Last Closed | 2021-01-15 14:14:07 UTC | |
| John Eckersberg | 2021-01-15 14:15:07 UTC | Status | CLOSED | NEW |
| | | Resolution | RAWHIDE | --- |
| | | Keywords | Reopened | |
| John Eckersberg | 2021-01-15 14:19:12 UTC | Comment 15 is private | 1 | 0 |
| Sam Fowler | 2021-01-20 01:14:25 UTC | Fixed In Version | PyYAML 5.4 | |
| Red Hat Bugzilla | 2021-01-26 11:47:04 UTC | CC | gmainwar | |
| Tomas Orsava | 2021-03-22 15:59:24 UTC | CC | torsava | |
| | | Flags | needinfo?(gsuckevi) | |
| Guilherme de Almeida Suckevicz | 2021-03-22 19:12:42 UTC | Depends On | 1941794 | |
| Guilherme de Almeida Suckevicz | 2021-03-22 19:13:49 UTC | Flags | needinfo?(gsuckevi) | |
| Tomas Hoger | 2021-03-26 13:35:15 UTC | Depends On | 1943254 | |
| Tomas Hoger | 2021-04-13 11:24:58 UTC | Depends On | 1949044 | |
| Red Hat Bugzilla | 2021-04-20 07:45:04 UTC | CC | rpetrell | |
| Riccardo Schirone | 2021-06-01 13:40:13 UTC | CC | bbuckingham, bcourt, bkearney, btotty, ehelms, jsherril, lzap, mhulan, mmccune, myarboro, nmoumoul, orabin, pcreech, rchan, rjerrido, sokeeffe, tbrisker | |
| Yadnyawalk Tale | 2021-06-02 19:56:12 UTC | Depends On | 1967303 | |
| Red Hat Bugzilla | 2021-06-22 00:26:15 UTC | CC | dbecker | |
| errata-xmlrpc | 2021-06-29 16:01:25 UTC | Link ID | Red Hat Product Errata RHSA-2021:2583 | |
| Product Security DevOps Team | 2021-06-29 16:40:23 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2021-01-15 14:14:07 UTC | 2021-06-29 16:40:23 UTC |
| errata-xmlrpc | 2021-11-16 14:07:52 UTC | Link ID | Red Hat Product Errata RHSA-2021:4702 | |
| Tomer Brisker | 2021-12-14 18:47:58 UTC | CC | tbrisker | |