Tina Müller (tinita)
Tina Müller (tinita)
I guess I got @idhyt wrong, so I have to reject all four :( So CVE-2024-35326 , CVE-2024-35328 and this one here are very similar in that they all skip...
> @idhyt you reported the issues but the maintainer was unresponsive. In that case disclosure is the proper thing to do. All is well with that. no, no, no. How...
I'm still not sure if a fix is needed, because without initializing the structure the program can't work anyway. I just can't see how there would be such broken code...
Do you know how the problem can be reproduced?
As mentioned in #258, I think this shouldn't even happen, and something is wrong already before. The state machine should not get into this position. So I think this wouldn't...
I think #290 is a more general fix for this
Closing this as it would only be a partial fix (same problem in `yaml_emitter_emit_flow_mapping_key`), and actually this code shouldn't be called anyway as it only happens when calling yaml_emitter_close after...
These changes have all been done meanwhile, so I'll close this
I just want to comment that the underlying issue is in pyyaml. It is more restrictive than the YAML spec regarding what is allowed in anchor names. https://github.com/yaml/pyyaml/issues/373 https://github.com/yaml/pyyaml/pull/389 The...
There are existing issues about this, and it is not that trivial to fix it. I tried it myself but my code isn't ready yet. There are a few problems...