-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 23 Mar 2014 08:35:48 +0100 Source: libyaml-libyaml-perl Binary: libyaml-libyaml-perl Architecture: source amd64 Version: 0.38-3+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Description: libyaml-libyaml-perl - Perl interface to libyaml, a YAML implementation Changes: libyaml-libyaml-perl (0.38-3+deb7u2) wheezy-security; urgency=high . * Team upload. * Add CVE-2014-2525.patch patch. CVE-2014-2525: Heap overflow when parsing YAML tags. The heap overflow is caused by not properly expanding a string before writing to it in function yaml_parser_scan_uri_escapes in scanner.c. Checksums-Sha1: 63459265cb5b9ee1738f0f921ca029968075cc30 2204 libyaml-libyaml-perl_0.38-3+deb7u2.dsc a0e3c0e16eb26fc8229c82e5752ebe21cf254941 6140 libyaml-libyaml-perl_0.38-3+deb7u2.debian.tar.gz 474b3cbd6a826885418a9b18d4a96f896f55553e 78562 libyaml-libyaml-perl_0.38-3+deb7u2_amd64.deb Checksums-Sha256: d364df6d6647e6db8fbfa7db16856c3556bd466c93fea5e0369af9a22004631e 2204 libyaml-libyaml-perl_0.38-3+deb7u2.dsc c1efed66a0284e41039e59d1d1337a9f16dee0245c4acf001cd3dea05939732b 6140 libyaml-libyaml-perl_0.38-3+deb7u2.debian.tar.gz f16b66ef09b011ee7ae0527e7d5b468f6b84fc9c42ee25b27925d50bddbb069f 78562 libyaml-libyaml-perl_0.38-3+deb7u2_amd64.deb Files: 970979e783eba17c708ee2a9e2adeada 2204 perl optional libyaml-libyaml-perl_0.38-3+deb7u2.dsc e43b3f8364c6a81fcce4e7927bd06873 6140 perl optional libyaml-libyaml-perl_0.38-3+deb7u2.debian.tar.gz a4a682df9b2ed41f2575912a42bebd31 78562 perl optional libyaml-libyaml-perl_0.38-3+deb7u2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJTLo8+AAoJEAVMuPMTQ89EBAEQAINt1wn+1Sep1tvI42ZAirGh ToDYkFaAuP+sFit3tKutAnhcBr4+A0cU1anPvniZrgOuV3UiNYtohy37R29BrFif BL8UetJJVaPDS7LsuN/gEztqocjBxSqV+Dez1kyAUMDCm2/uMSwZ9vqwUTjJQyua DgYlm5N3y9GQw309DtZbZvb+odzDa4FFTOZivIhXDk/I6GA36FfJgOgRTKo/X3un LYXO3meqFgCz6XqP4ZYy0Y4+QLlBsMRIhXheGN8fMnhy8cb01THYXu7Hlsn/Sjzl EHA30Gc7NbAUFpWfStiLZ6U5H9kOkh76yIwicriSdaa0TU6mbXnBAmWQuoPY8kIW 8ePk+2AnXeA16dwUSBzBeo+S7uJRMykTRERDQVmtIcmxs7HI/f8eqhXPWW0dgaiu P+lbSXbXkjpgKSdOKv0UeXuO26TpbT8ki4GWXu1sFZgxdxM/SRDnFNQufwdbMiII +sjws+pDgd9v//ft+VQ/l8vj7a2BJdNVcOtXIuNt76C7UxVXZtor5jdNYCAV4WKa IGi3ab86qcc6fOS1Q0c/XtfKuswaB0D+Bb7k3YDPr5X6JAYNf8u4sYcehC+kvi7w VevVM3OsSkwLs7VzIpqkt5BiNvxwDaBsG2DVkqpF96vS7qEXmFb5DhGY+Pi69dbj RgXtKP9KkuQIMIEMp8of =5CX2 -----END PGP SIGNATURE-----