Format: 1.8
Date: Thu, 20 Mar 2014 00:04:03 +0100
Source: libyaml
Binary: libyaml-0-2 libyaml-dev
Architecture: source amd64
Version: 0.1.3-1+deb6u4
Distribution: squeeze-security
Urgency: high
Maintainer: Anders Kaseorg <andersk@mit.edu>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 libyaml-0-2 - Fast YAML 1.1 parser and emitter library
 libyaml-dev - Fast YAML 1.1 parser and emitter library (development)
Changes:
 libyaml (0.1.3-1+deb6u4) squeeze-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2014-2525: Heap overflow when parsing YAML tags.
     The heap overflow is caused by not properly expanding a string before
     writing to it in function yaml_parser_scan_uri_escapes in scanner.c.