This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions. For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When creating a Bodhi update request, please include this bug ID and the bug IDs of this bug's parent bugs filed against the "Security Response" product (the top-level CVE bugs). Please mention the CVE IDs being fixed in the RPM changelog when available. Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=801738 epel-6 tracking bug for perl-YAML-LibYAML: see blocks bug list for full details of the security issue(s). [bug automatically created by: add-tracking-bugs]
I have a fix for this (basically updating the package in EPEL-6 to the same as was built for Fedora in April), which I could build if tremble is OK with that.
(In reply to comment #1) > I have a fix for this (basically updating the package in EPEL-6 to the same > as was built for Fedora in April), which I could build if tremble is OK with > that. Ok you could backport the patch, the patch looks pretty simple to me :)
(In reply to comment #2) > (In reply to comment #1) > > I have a fix for this (basically updating the package in EPEL-6 to the same > > as was built for Fedora in April), which I could build if tremble is OK with > > that. > > Ok you could backport the patch, the patch looks pretty simple to me :) Well I could, but there are other fixes in the current version that would be useful and don't seem to break anything else too...
(In reply to comment #3) > (In reply to comment #2) > > (In reply to comment #1) > > > I have a fix for this (basically updating the package in EPEL-6 to the same > > > as was built for Fedora in April), which I could build if tremble is OK with > > > that. > > > > Ok you could backport the patch, the patch looks pretty simple to me :) > > Well I could, but there are other fixes in the current version that would be > useful and don't seem to break anything else too... Then you really should go ahead with the upgrade!
Well I would, except that I'm not the EPEL-6 maintainer, tremble is. Now I could do it as a provenpackager but I'd run the risk of making a change that the maintainer didn't want to do for some reason, so I'd prefer to see some feedback from tremble first really.
Paul, sorry I missed your comment, I was trying to backport the fix, but I hit a few issues and a lack of time. Go for the update. FYI: I am not overly protective of "my" packages, feel free to update especially for Security bugs.
(In reply to comment #6, by Red Hat Production Operations) > Paul, sorry I missed your comment, > > I was trying to backport the fix, but I hit a few issues and a lack of time. > Go for the update. > > FYI: I am not overly protective of "my" packages, feel free to update > especially for Security bugs. tremble, is that you?
Oops wrong account. Paul, sorry I missed your comment, I was trying to backport the fix, but I hit a few issues and a lack of time. Go for the update. FYI: I am not overly protective of "my" packages, feel free to update especially for Security bugs.
perl-YAML-LibYAML-0.38-3.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/perl-YAML-LibYAML-0.38-3.el6
perl-YAML-LibYAML-0.38-3.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.