| Release | Version |
|---|---|
| jessie | 1.12-2+deb8u1 |
| stretch | 1.17-1+deb9u1 |
| buster | 1.23-1+deb10u1 |
| bullseye | 1.28-1+deb11u2 |
| bookworm | 1.33-2 |
| trixie | 1.33-2 |
| sid | 1.33-2 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-18640 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | The Alias feature in SnakeYAML before 1.26 allows entity expansion dur ... |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-41854 | fixed | fixed | fixed | vulnerable | fixed | fixed | fixed | Those using Snakeyaml to parse untrusted YAML files may be vulnerable ... |
| CVE-2022-38752 | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ... |
| CVE-2022-1471 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | SnakeYaml's Constructor() class does not restrict types which can be i ... |
| Bug | Description |
|---|---|
| CVE-2022-38751 | Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ... |
| CVE-2022-38750 | Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ... |
| CVE-2022-38749 | Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ... |
| CVE-2022-25857 | The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable t ... |
| DSA / DLA | Description |
|---|---|
| ELA-693-1 | snakeyaml - security update |
| DLA-3132-1 | snakeyaml - security update |