libyaml (0.1.3-1+deb6u4) squeeze-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2014-2525: Heap overflow when parsing YAML tags. The heap overflow is caused by not properly expanding a string before writing to it in function yaml_parser_scan_uri_escapes in scanner.c. -- Salvatore Bonaccorso Thu, 20 Mar 2014 00:04:03 +0100 libyaml (0.1.3-1+deb6u3) squeeze-security; urgency=high * Non-maintainer upload by the Security Team. * Apply correct patch from upstream to quard against overflows in indent and flow_level. (Closes: #738587) -- Salvatore Bonaccorso Mon, 10 Feb 2014 21:32:14 +0100 libyaml (0.1.3-1+deb6u2) oldstable-security; urgency=high * Non-maintainer upload by the Security Team. * Improved fix for CVE-2013-6393 (regression) CVE-2013-6393: heap-based buffer overflow when parsing YAML tags. (Closes: #737076) -- Salvatore Bonaccorso Thu, 30 Jan 2014 17:18:42 +0100 libyaml (0.1.3-1+deb6u1) oldstable-security; urgency=low * CVE-2013-6393 -- Moritz Muehlenhoff Thu, 23 Jan 2014 21:10:28 +0000 libyaml (0.1.3-1) unstable; urgency=low * New upstream version 0.1.3. + This release fixes non-standard structure initialization and a streaming-related issue. * Bump priority from extra to optional. -- Anders Kaseorg Sun, 04 Oct 2009 14:07:18 -0400 libyaml (0.1.2-1) unstable; urgency=low * New upstream version 0.1.2. + Fixed grammar in error messages (from YAML::XS::LibYAML). + Rewritten whitespace detection in the scalar analyzer and block scalar writers (ported from PyYAML). + Fixed emitting folded scalars with trailing breaks; Forced emitting of a document end indicator when there is a possibility of ambiguous parsing. -- Anders Kaseorg Mon, 29 Dec 2008 21:10:48 -0500 libyaml (0.1.1-1) unstable; urgency=low * Initial release (Closes: #484381). -- Anders Kaseorg Tue, 10 Jun 2008 02:37:34 -0400