Format: 1.8
Date: Thu, 20 Mar 2014 16:49:19 +0100
Source: libyaml
Binary: libyaml-0-2 libyaml-0-2-dbg libyaml-dev
Architecture: source amd64
Version: 0.1.4-2+deb7u4
Distribution: wheezy-security
Urgency: high
Maintainer: Anders Kaseorg <andersk@mit.edu>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 libyaml-0-2 - Fast YAML 1.1 parser and emitter library
 libyaml-0-2-dbg - Fast YAML 1.1 parser and emitter library (debugging symbols)
 libyaml-dev - Fast YAML 1.1 parser and emitter library (development)
Changes:
 libyaml (0.1.4-2+deb7u4) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2014-2525.patch patch.
     CVE-2014-2525: Heap overflow when parsing YAML tags.
     The heap overflow is caused by not properly expanding a string before
     writing to it in function yaml_parser_scan_uri_escapes in scanner.c.