Format: 1.8
Date: Thu, 27 Mar 2014 06:22:25 +0100
Source: libyaml
Binary: libyaml-0-2 libyaml-0-2-dbg libyaml-dev
Architecture: source amd64
Version: 0.1.4-3.2
Distribution: unstable
Urgency: high
Maintainer: Anders Kaseorg <andersk@mit.edu>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 libyaml-0-2 - Fast YAML 1.1 parser and emitter library
 libyaml-0-2-dbg - Fast YAML 1.1 parser and emitter library (debugging symbols)
 libyaml-dev - Fast YAML 1.1 parser and emitter library (development)
Closes: 742732
Changes:
 libyaml (0.1.4-3.2) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2014-2525.patch patch.
     CVE-2014-2525: Fixes heap overflow in yaml_parser_scan_uri_escapes.
     The heap overflow is caused by not properly expanding a string before
     writing to it in function yaml_parser_scan_uri_escapes in scanner.c.
     (Closes: #742732)