libyaml (0.1.4-2+deb7u5) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2014-9130.patch. CVE-2014-9130: assert failure when processing wrapped strings. (Closes: #771366) -- Salvatore Bonaccorso Sat, 13 Dec 2014 14:44:17 +0100 libyaml (0.1.4-2+deb7u4) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2014-2525.patch patch. CVE-2014-2525: Heap overflow when parsing YAML tags. The heap overflow is caused by not properly expanding a string before writing to it in function yaml_parser_scan_uri_escapes in scanner.c. -- Salvatore Bonaccorso Thu, 20 Mar 2014 16:49:19 +0100 libyaml (0.1.4-2+deb7u3) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Drop libyaml-indent-column-overflow-v2.patch patch. This patch causes additional regressions on simple YAML files. * Add libyaml-guard-against-overflows-in-indent-and-flow_level.patch patch. Add upstream's patch to guard against overflows in indent and flow_level. (Closes: #738587) -- Salvatore Bonaccorso Mon, 10 Feb 2014 23:02:23 +0100 libyaml (0.1.4-2+deb7u2) stable-security; urgency=high * Improved fix for CVE-2013-6393: heap-based buffer overflow when parsing YAML tags. (Closes: #737076) -- Anders Kaseorg Thu, 30 Jan 2014 04:07:40 -0500 libyaml (0.1.4-2+deb7u1) stable-security; urgency=low * CVE-2013-6393 -- Moritz Muehlenhoff Thu, 23 Jan 2014 21:03:55 +0000 libyaml (0.1.4-2) unstable; urgency=low * Remove extra libyaml-0.so symlink from libyaml-dev. * Bump Debhelper compat level to 9. * Support multiarch. (Closes: #653748) (LP: #905630) * Use 3.0 (quilt) source format. -- Anders Kaseorg Fri, 30 Dec 2011 17:14:52 -0500 libyaml (0.1.4-1) unstable; urgency=low * New upstream version 0.1.4. + Fixed a bug that prevented an empty mapping being used as a simple key. + Fixed pointer overflow when calculating the position of a potential simple key. + Added pkg-config support. (Closes: #537834) * Remove unneded libyaml.la file. (Closes: #622452) * Add libyaml-0-2-dbg package with debugging symbols. (Closes: #592747) * Bumped standards version to 3.9.2 without further change -- Anders Kaseorg Mon, 30 May 2011 22:27:27 -0400 libyaml (0.1.3-1) unstable; urgency=low * New upstream version 0.1.3. + This release fixes non-standard structure initialization and a streaming-related issue. * Bump priority from extra to optional. -- Anders Kaseorg Sun, 04 Oct 2009 14:07:18 -0400 libyaml (0.1.2-1) unstable; urgency=low * New upstream version 0.1.2. + Fixed grammar in error messages (from YAML::XS::LibYAML). + Rewritten whitespace detection in the scalar analyzer and block scalar writers (ported from PyYAML). + Fixed emitting folded scalars with trailing breaks; Forced emitting of a document end indicator when there is a possibility of ambiguous parsing. -- Anders Kaseorg Mon, 29 Dec 2008 21:10:48 -0500 libyaml (0.1.1-1) unstable; urgency=low * Initial release (Closes: #484381). -- Anders Kaseorg Tue, 10 Jun 2008 02:37:34 -0400