[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#894747: lintian: Re-enable YAML parsing for d/upstream/metadata files

Package: lintian
Version: 2.5.80
Severity: wishlist
Control: block 731340 by -1

Hi,

Currently, the lintian checks for validity of d/u/metadata are
disabled since 2.5.50.4 [1] due to a security problem [2]
(CVE-2017-8829), but now we can safety use YAML::XS with the
$LoadBlessed option [3]. I wondering if we can re-enable the
d/u/metadata checks in lintian using the safety method?

Best,
Dylan

[1] https://anonscm.debian.org/git/lintian/lintian.git/commit/checks/upstream-metadata.pm?id=6119d49c3b
[2] https://bugs.debian.org/861958
[3] https://bugs.debian.org/862373#59
Reply to: