-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 23 Mar 2014 08:32:24 +0100 Source: libyaml-libyaml-perl Binary: libyaml-libyaml-perl Architecture: source amd64 Version: 0.41-5 Distribution: unstable Urgency: high Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Description: libyaml-libyaml-perl - Perl interface to libyaml, a YAML implementation Changes: libyaml-libyaml-perl (0.41-5) unstable; urgency=high . * Team upload. . [ gregor herrmann ] * Strip trailing slash from metacpan URLs. . [ Salvatore Bonaccorso ] * Add CVE-2014-2525.patch patch. CVE-2014-2525: Heap overflow when parsing YAML tags. The heap overflow is caused by not properly expanding a string before writing to it in function yaml_parser_scan_uri_escapes in scanner.c. Checksums-Sha1: d00185ec8d2ff5479d34fc0d242b68d91b27abd8 2167 libyaml-libyaml-perl_0.41-5.dsc bb432331a65979816febe0f72fb249ac51f5a570 6264 libyaml-libyaml-perl_0.41-5.debian.tar.xz 542e16471a15029265939251ce1ae98810d5f150 67258 libyaml-libyaml-perl_0.41-5_amd64.deb Checksums-Sha256: 85dcda58c59ce651b16c0080bf4c5a7bb7cf4615b32b889af7eb91dc98b99096 2167 libyaml-libyaml-perl_0.41-5.dsc d947afaf6aad34e475fb61cb406f0c9546d178e84f914cc44638afcff16d62f5 6264 libyaml-libyaml-perl_0.41-5.debian.tar.xz 02d769dc4f4aa14270c5d699d042a6afe580fb15e1d8d871be9597ac9b594535 67258 libyaml-libyaml-perl_0.41-5_amd64.deb Files: c6b35de209999728fa4431b0a7392b5e 2167 perl optional libyaml-libyaml-perl_0.41-5.dsc 3805c00cbcef84e26a08b93eb1c625ad 6264 perl optional libyaml-libyaml-perl_0.41-5.debian.tar.xz eb36fb5ac6fde4fca5311a1e4536c2f9 67258 perl optional libyaml-libyaml-perl_0.41-5_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJTMyT6AAoJEAVMuPMTQ89EYycP+wTjm/MjI6sBqVjcsPDzmNJx Gt/6V2axjcs2c5wQyb9mVGoI1J1PAVP59Eh3NpPPgNaAUCen8qreiJMFB0GVeZ3q 3kz7BYndITE3L/7oHtCL85m5q6pCDyYxWyh4gz4nSPfBVSlQwwK8I03mE/JrRo0P 46s3FXRPlergfMAaMViELW/AHAGbYFgtPVx2GYA4xVIy20wv+IKc2MdAw/Tg4fzO WzcCG9kKDfmo0yRWf/zIcwo2JwbDK4IBG9VPAPZQfl5xrkbdpWPt6UtibESnx1Wq uJ3vmXkZ/KPIeISZooGxtv2FPi/s7knA/ovlTh9SlvCDdXi3bDX6vhGVmtJpmPZk HFI8/Lh1UdB1iFpnwUvaHSeEaZqtrHrtYccFAOkG3PrzCtBNeZgKJTntvVXciBKw cLASpWjwkbw2wccqfN/fTYqIYwdwLVMsGax3+bJlaWaIGT6pA/BWCq076sIF2FJa NKQ4hGMYsvWfkg78L78QEBDhiKRU6A+97sBkyOX1Q9VB8WN03qP+VgCFKUj8X8wm nL9e94BuNn8FN2G+9YcaJMiFF/J3oUHbJ1D2jat0STCt/fq9HC9hn+MX9Vk9juND YV1+bY+RFqDzD0oKW9M8Vgjn0BE2qQM5d4Laa1Z+7JKNKJ3m/ypKOovlu+oQYPBQ 4PBR7yxMlc+eV7dk/Cl9 =WuGw -----END PGP SIGNATURE-----