Fedora 30: FEDORA-2019-1911b73cee Moderate: perl-YAML Typeglobs Issue

The YAML.pm module implements a YAML Loader and Dumper based on the YAML 1.0

specification (https://yaml.org/spec/). YAML is a generic data serialization

language that is optimized for human readability. It can be used to express the

data structures of most modern programming languages, including Perl. For

information on the YAML syntax, please refer to the YAML specification.

This update enforces that $LoadCode must be enabled to use the feature of

evaluating typeglobs, because with the typeglob feature you would be able to set

the variable $YAML::LoadCode from a YAML file, and that would be a security

issue.

* Sun Apr 28 2019 Paul Howarth - 1.28-1

- Update to 1.28

- Security fix: only enable loading globs when $LoadCode is set (GH#213)

- Modernize spec using %{make_build} and %{make_install}

[ 1 ] Bug #1703790 - perl-YAML-1.28 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1703790

su -c 'dnf upgrade --advisory FEDORA-2019-1911b73cee' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/