Register | Log in

libyaml-syck-perl

Perl module providing a fast, lightweight YAML loader and dumper

Choose email to subscribe with

general

source: libyaml-syck-perl (main)
version: 1.34-4
maintainer: Debian Perl Group (archive) (DMD) (LowNMU)
uploaders: gregor herrmann [DMD] – Ansgar Burchardt [DMD]
arch: any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.34-1
oldstable: 1.34-2
stable: 1.34-2
testing: 1.34-4
unstable: 1.34-4

versioned links

1.34-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.34-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.34-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libyaml-syck-perl

action needed

A new upstream version is available: 1.36 high

A new upstream version 1.36 is available, you should consider packaging it.

Created: 2025-10-11 Last update: 2025-10-18 21:03

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2025-11683: YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module.

Created: 2025-10-16 Last update: 2025-10-18 06:01

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-11683: (needs triaging) YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-10-16 Last update: 2025-10-18 06:01

news

[2025-10-18] libyaml-syck-perl 1.34-4 MIGRATED to testing (Debian testing watch)
[2025-10-16] Accepted libyaml-syck-perl 1.34-4 (source) into unstable (Salvatore Bonaccorso)
[2025-09-08] libyaml-syck-perl 1.34-3 MIGRATED to testing (Debian testing watch)
[2025-09-05] Accepted libyaml-syck-perl 1.34-3 (source) into unstable (Roland Rosenfeld)
[2022-10-18] libyaml-syck-perl 1.34-2 MIGRATED to testing (Debian testing watch)
[2022-10-16] Accepted libyaml-syck-perl 1.34-2 (source) into unstable (Jelmer Vernooĳ) (signed by: Jelmer Vernooij)
[2020-10-31] libyaml-syck-perl 1.34-1 MIGRATED to testing (Debian testing watch)
[2020-10-28] Accepted libyaml-syck-perl 1.34-1 (source) into unstable (gregor herrmann)
[2020-02-26] libyaml-syck-perl 1.32-2 MIGRATED to testing (Debian testing watch)
[2020-02-04] Accepted libyaml-syck-perl 1.32-2 (source) into unstable (gregor herrmann)
[2020-01-29] Accepted libyaml-syck-perl 1.32-1 (source) into unstable (gregor herrmann)
[2018-10-28] libyaml-syck-perl 1.31-1 MIGRATED to testing (Debian testing watch)
[2018-10-26] Accepted libyaml-syck-perl 1.31-1 (source) into unstable (gregor herrmann)
[2018-05-09] libyaml-syck-perl 1.30-1 MIGRATED to testing (Debian testing watch)
[2018-05-05] Accepted libyaml-syck-perl 1.30-1 (source) into unstable (gregor herrmann)
[2015-11-12] libyaml-syck-perl 1.29-1 MIGRATED to testing (Britney)
[2015-11-01] Accepted libyaml-syck-perl 1.29-1 (source) into unstable (gregor herrmann)
[2013-08-20] libyaml-syck-perl 1.27-2 MIGRATED to testing (Debian testing watch)
[2013-08-09] Accepted libyaml-syck-perl 1.27-2 (source amd64) (gregor herrmann)
[2013-06-07] Accepted libyaml-syck-perl 1.27-1 (source amd64) (gregor herrmann)
[2013-03-23] Accepted libyaml-syck-perl 1.25-1 (source amd64) (gregor herrmann)
[2013-03-02] Accepted libyaml-syck-perl 1.23-1 (source amd64) (gregor herrmann)
[2012-12-15] Accepted libyaml-syck-perl 1.22-1 (source amd64) (gregor herrmann)
[2012-09-28] Accepted libyaml-syck-perl 1.21-1 (source i386) (Nicholas Bamber)
[2012-02-27] libyaml-syck-perl 1.20-1 MIGRATED to testing (Debian testing watch)
[2012-02-16] Accepted libyaml-syck-perl 1.20-1 (source amd64) (Fabrizio Regalli) (signed by: Angel Abad)
[2011-11-22] libyaml-syck-perl 1.19-1 MIGRATED to testing (Debian testing watch)
[2011-11-12] Accepted libyaml-syck-perl 1.19-1 (source amd64) (Ansgar Burchardt)
[2011-02-06] libyaml-syck-perl 1.17-1 MIGRATED to testing (Debian testing watch)
[2010-12-19] Accepted libyaml-syck-perl 1.17-1 (source i386) (Nicholas Bamber) (signed by: gregor herrmann)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.34-3

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing