-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 23 Mar 2014 08:38:33 +0100 Source: libyaml-libyaml-perl Binary: libyaml-libyaml-perl Architecture: source amd64 Version: 0.33-1+squeeze3 Distribution: squeeze-security Urgency: high Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Description: libyaml-libyaml-perl - Perl interface to libyaml, a YAML implementation Changes: libyaml-libyaml-perl (0.33-1+squeeze3) squeeze-security; urgency=high . * Team upload. * Add CVE-2014-2525.patch patch. CVE-2014-2525: Heap overflow when parsing YAML tags. The heap overflow is caused by not properly expanding a string before writing to it in function yaml_parser_scan_uri_escapes in scanner.c. Checksums-Sha1: 479b10ade8d32389990601c5c500ec522b9171d7 2045 libyaml-libyaml-perl_0.33-1+squeeze3.dsc c4b33b80016e52268f170b5295797ace6f4a6eaa 5022 libyaml-libyaml-perl_0.33-1+squeeze3.debian.tar.gz 9da73b18eb97f21026fd28e6ed7804945622c2af 75920 libyaml-libyaml-perl_0.33-1+squeeze3_amd64.deb Checksums-Sha256: 8e64daa6f48466da0758ad7e7d9a05efcd9199dc77d8c626ebbb02bd7be14d47 2045 libyaml-libyaml-perl_0.33-1+squeeze3.dsc f6a8d165d94bb207bd22404d955f37f7a805d79cb18809942c73ba020c81003a 5022 libyaml-libyaml-perl_0.33-1+squeeze3.debian.tar.gz 2de5c7f4684a18450b10b1845b7b0cb25aabf2bc1c8f5240a02ecf4890a69bed 75920 libyaml-libyaml-perl_0.33-1+squeeze3_amd64.deb Files: caa877772ac2be99f93cac72e62895c9 2045 perl optional libyaml-libyaml-perl_0.33-1+squeeze3.dsc 2466f36776b0eb4111d31ed088446778 5022 perl optional libyaml-libyaml-perl_0.33-1+squeeze3.debian.tar.gz d8830721c7b4ccee57b14473258a4340 75920 perl optional libyaml-libyaml-perl_0.33-1+squeeze3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJTLo/cAAoJEAVMuPMTQ89E+FAP/ju45qN+9kZ3i+KEbmR/H+QK fcKZtG+A27p6DmTPBv+prgZDMMnidvKe3Am5O5BcBj+uLx5Zhx+r22rwBoN9m/2t PmIi9hGSD7M9r653/ZKYyxDZkxcSmkpi2zKLnNgeg48mLwN/8BI4WdqmeXWUJx7R OnwcAZUUENH0bk3dqnPRvBBlgpKLnnBet+wuoUmxemmIuVAv5FupCBYJXyMNF2jr mEeLD4Qlb2RxjYk7/QcRnCH9W/sueyXvvAJnPmN+yQdRk75BiEfONvcnXU8t5zXd MX7l2f2YMtCUeHEbEBEcEKQNWp+4OorPZGY1DSaAM3Y53fxUaUbJcuy/IEkarDcr tgNKOzU79Cc29s8S1q5tzY5pqYC32rYXjWG7JQPbXB4l5H+HnP3FIGy/+L55GjHd ZnxEABLJjxfBUnz7YRWgnjzL91QFGsyWILYAIqensu2hwLjhi5UhKhO1gyZ6zyIv dd1nPDQV2ENEAFHTFcnexOpLpeoLHjacuZT/hka/qmqHWwKWcIlqlgb7x22tKCKX OI85J9lXL9RIH43YA6MqQhh+FVBkF2NNz8yvPGHAvOl8mfoJJCkcM1i75IwDUklS M/n/CvK+CPRGDnUe+Q/yI/lmDw13Cd/yhuACRJCGyUWWBu5AiWVyuh3QY/3qMvQx 9C2yy3Ofx0ruaIvYgLQn =S97q -----END PGP SIGNATURE-----