Skip to main content
Topic: latest security vulnerbilities (Read 470 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Re: latest security vulnerbilities

Reply #1
The js-yaml version in the AUR is vulnerable:
$ yay -Ss js-yaml
aur/nodejs-js-yaml 3.10.0-1 (+1 0.00%)
    YAML 1.2 parser and writer

https://aur.archlinux.org/packages/nodejs-js-yaml
First Submitted:    2017-09-16 10:20
Last Updated:    2017-09-16 10:21

#3 JS-YAML
Affected versions: All versions prior to 3.13.0

safer-eval is not a package unless it's there under a different name and the others are OK at their current versions.

Re: latest security vulnerbilities

Reply #2
what is yaml?

Re: latest security vulnerbilities

Reply #3
what is yaml?

gnu-yaml
GNU NOT UNIX
YAML  AINT MARKUP LANGUAGE

UNIX NOT IBM X-operating-system
anti-X  - artix - obarun - Void - systemD Free Space

I can no longer participate in a public forum side by side with neo-nazis and NSA trolls in a moderated sterile environment that is good for business.
Obviously the terms Open and Free mean nothing to you, or your business!

Re: latest security vulnerbilities

Reply #4
It's been updated to a secure version:
Package Details: nodejs-js-yaml 3.13.1-1
If you git clone artix pkgbuild's there are yaml files in a hidden directory:
openrc/.artixlinux/agent.yaml
Contents of this file:

%YAML 1.2
---

label: master

Mysterious secret yaml agents? What do they do?