
Re: Bug#712765: ITP: ruby-safe-yaml -- Safe implementation of YAML.load



Hi,

On Wed, Jun 19, 2013 at 11:53:55AM +0200, Stig Sandbeck Mathisen wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Stig Sandbeck Mathisen <ssm@debian.org>

> * Package name    : ruby-safe-yaml
>   Version         : 0.9.2
>   Upstream Author : Dan Tao <daniel.tao@gmail.com>
> * URL             : https://github.com/dtao/safe_yaml
> * License         : MIT
>   Programming Lang: Ruby
>   Description     : Safe implementation of YAML.load

> The SafeYAML gem provides an alternative implementation of YAML.load suitable
> for accepting user input in Ruby applications. Unlike Ruby's built-in
> implementation of YAML.load, SafeYAML's version will not expose apps to
> arbitrary code execution exploits.

> (The safe_yaml gem was vendored into puppet to fix a recent vulnerability.  The
> packaging of this gem should help this situation.)

ruby-safe-yaml is already in the archive:

$ rmadison ruby-safe-yaml
 ruby-safe-yaml | 0.9.0-1 | jessie | source, all
 ruby-safe-yaml | 0.9.0-1 | sid    | source, all

It is maintained by the Ruby team:
http://anonscm.debian.org/gitweb/?p=pkg-ruby-extras/ruby-safe-yaml.git

Cheers,

Cédric
