libyaml-syck-perl - Debian Package Tracker

general

source: libyaml-syck-perl (main)
version: 1.36-2
maintainer: Debian Perl Group (archive) (DMD) (LowNMU)
uploaders: gregor herrmann [DMD] – Ansgar Burchardt [DMD]
arch: any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.34-1
oldstable: 1.34-2+deb12u1
old-sec: 1.34-2+deb12u2
stable: 1.34-2+deb13u1
stable-sec: 1.34-2+deb13u2
testing: 1.36-2
unstable: 1.36-2

versioned links

1.34-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.34-2+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.34-2+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.34-2+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.34-2+deb13u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.36-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libyaml-syck-perl

action needed

A new upstream version is available: 1.38 high

A new upstream version 1.38 is available, you should consider packaging it.

Created: 2026-03-21 Last update: 2026-03-23 00:33

2 security issues in bullseye high

There are 2 open security issues in bullseye.

1 important issue:

CVE-2026-4177: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

1 issue postponed or untriaged:

CVE-2025-11683: (postponed; to be fixed through a stable update) YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module.

Created: 2026-03-17 Last update: 2026-03-22 22:00

Failed to analyze the VCS repository. Please troubleshoot and fix the issue. high

vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

fatal: unable to access 'https://salsa.debian.org/perl-team/modules/packages/libyaml-syck-perl.git/': The requested URL returned error: 503

Created: 2026-03-22 Last update: 2026-03-22 21:33

debian/patches: 1 patch to forward upstream low

Among the 3 debian patches available in version 1.36-2 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2026-03-17 Last update: 2026-03-17 16:32

news

[rss feed]

[2026-03-22] Accepted libyaml-syck-perl 1.34-2+deb13u2 (source) into stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2026-03-22] Accepted libyaml-syck-perl 1.34-2+deb12u2 (source) into oldstable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2026-03-19] libyaml-syck-perl 1.36-2 MIGRATED to testing (Debian testing watch)
[2026-03-17] Accepted libyaml-syck-perl 1.36-2 (source) into unstable (Salvatore Bonaccorso)
[2026-01-04] libyaml-syck-perl 1.36-1 MIGRATED to testing (Debian testing watch)
[2026-01-02] Accepted libyaml-syck-perl 1.36-1 (source) into unstable (gregor herrmann)
[2025-10-19] Accepted libyaml-syck-perl 1.34-2+deb12u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-10-19] Accepted libyaml-syck-perl 1.34-2+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-10-18] libyaml-syck-perl 1.34-4 MIGRATED to testing (Debian testing watch)
[2025-10-16] Accepted libyaml-syck-perl 1.34-4 (source) into unstable (Salvatore Bonaccorso)
[2025-09-08] libyaml-syck-perl 1.34-3 MIGRATED to testing (Debian testing watch)
[2025-09-05] Accepted libyaml-syck-perl 1.34-3 (source) into unstable (Roland Rosenfeld)
[2022-10-18] libyaml-syck-perl 1.34-2 MIGRATED to testing (Debian testing watch)
[2022-10-16] Accepted libyaml-syck-perl 1.34-2 (source) into unstable (Jelmer Vernooĳ) (signed by: Jelmer Vernooij)
[2020-10-31] libyaml-syck-perl 1.34-1 MIGRATED to testing (Debian testing watch)
[2020-10-28] Accepted libyaml-syck-perl 1.34-1 (source) into unstable (gregor herrmann)
[2020-02-26] libyaml-syck-perl 1.32-2 MIGRATED to testing (Debian testing watch)
[2020-02-04] Accepted libyaml-syck-perl 1.32-2 (source) into unstable (gregor herrmann)
[2020-01-29] Accepted libyaml-syck-perl 1.32-1 (source) into unstable (gregor herrmann)
[2018-10-28] libyaml-syck-perl 1.31-1 MIGRATED to testing (Debian testing watch)
[2018-10-26] Accepted libyaml-syck-perl 1.31-1 (source) into unstable (gregor herrmann)
[2018-05-09] libyaml-syck-perl 1.30-1 MIGRATED to testing (Debian testing watch)
[2018-05-05] Accepted libyaml-syck-perl 1.30-1 (source) into unstable (gregor herrmann)
[2015-11-12] libyaml-syck-perl 1.29-1 MIGRATED to testing (Britney)
[2015-11-01] Accepted libyaml-syck-perl 1.29-1 (source) into unstable (gregor herrmann)
[2013-08-20] libyaml-syck-perl 1.27-2 MIGRATED to testing (Debian testing watch)
[2013-08-09] Accepted libyaml-syck-perl 1.27-2 (source amd64) (gregor herrmann)
[2013-06-07] Accepted libyaml-syck-perl 1.27-1 (source amd64) (gregor herrmann)
[2013-03-23] Accepted libyaml-syck-perl 1.25-1 (source amd64) (gregor herrmann)
[2013-03-02] Accepted libyaml-syck-perl 1.23-1 (source amd64) (gregor herrmann)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.36-1