[Buildroot] [PATCH 1/1] package/python-pyyaml: bump to version 5.3.1
Peter Korsgaard
peter at korsgaard.com
Thu Apr 2 08:42:33 UTC 2020
>>>>> "James" == James Hilliard <james.hilliard1 at gmail.com> writes:
> Signed-off-by: James Hilliard <james.hilliard1 at gmail.com>
Can you please mention whenever version bumps have security
implications? E.g. looking at the 5.3.1 release the only change is:

#386: Prevents arbitrary code execution during python/object/new constructor

https://github.com/yaml/pyyaml/pull/386

Which sounds very much like a security bump to me.
--
Bye, Peter Korsgaard