Back to libyaml PTS page

Accepted libyaml 0.1.4-2+deb7u4 (source amd64)

To: debian-changes@lists.debian.org
Subject: Accepted libyaml 0.1.4-2+deb7u4 (source amd64)
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 01 Apr 2014 21:17:14 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1WV63W-0003JO-4e@franck.debian.org>
Reply-to: debian-devel@lists.debian.org
Sender: Archive Administrator <dak@franck.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 20 Mar 2014 16:49:19 +0100
Source: libyaml
Binary: libyaml-0-2 libyaml-0-2-dbg libyaml-dev
Architecture: source amd64
Version: 0.1.4-2+deb7u4
Distribution: wheezy-security
Urgency: high
Maintainer: Anders Kaseorg <andersk@mit.edu>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libyaml-0-2 - Fast YAML 1.1 parser and emitter library
 libyaml-0-2-dbg - Fast YAML 1.1 parser and emitter library (debugging symbols)
 libyaml-dev - Fast YAML 1.1 parser and emitter library (development)
Changes: 
 libyaml (0.1.4-2+deb7u4) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2014-2525.patch patch.
     CVE-2014-2525: Heap overflow when parsing YAML tags.
     The heap overflow is caused by not properly expanding a string before
     writing to it in function yaml_parser_scan_uri_escapes in scanner.c.
Checksums-Sha1: 
 f40326cb52f91c383411bc74bbbddecf296198f6 1944 libyaml_0.1.4-2+deb7u4.dsc
 6d36a05dc67daf05c7106f8c7922039d97a567fa 5470 libyaml_0.1.4-2+deb7u4.debian.tar.gz
 3d027fd3df39ec07d88a4c805278797be576818f 58228 libyaml-0-2_0.1.4-2+deb7u4_amd64.deb
 57cc9e321d327e2ec311f8fb488d2ca73cfadb89 106750 libyaml-0-2-dbg_0.1.4-2+deb7u4_amd64.deb
 77961d37091315ff74d21319172406a504aa2416 72238 libyaml-dev_0.1.4-2+deb7u4_amd64.deb
Checksums-Sha256: 
 88f17a5965a29fdbf7501750d8270354e09bd12b455c2afcfcaadf5d4e5af661 1944 libyaml_0.1.4-2+deb7u4.dsc
 74ce2b7af2690c12c83778186e077ac244e5422a324bd2fc3a0ce598294e0851 5470 libyaml_0.1.4-2+deb7u4.debian.tar.gz
 d17a5d7e73ad495079cf5fb99e0c0768e49938841c0ce58a44f8f927dfb16c01 58228 libyaml-0-2_0.1.4-2+deb7u4_amd64.deb
 81f2a24be476bd5b2ea7a2a196896d6dfd6592a5cd57e658ad84ed45779b3d86 106750 libyaml-0-2-dbg_0.1.4-2+deb7u4_amd64.deb
 c305d38fc1116ebe8e911c6373b00f384d6af66934c4d7db6956db04bdd592a9 72238 libyaml-dev_0.1.4-2+deb7u4_amd64.deb
Files: 
 118d1cfdc577a60d4a05aa4203b078d4 1944 libs optional libyaml_0.1.4-2+deb7u4.dsc
 51edea9e1e17107f9c9cad7da783640c 5470 libs optional libyaml_0.1.4-2+deb7u4.debian.tar.gz
 97feffb68053dd067552b5cc2dc14893 58228 libs optional libyaml-0-2_0.1.4-2+deb7u4_amd64.deb
 ebbb1ed34c1c3b2d8eda52921516600d 106750 debug extra libyaml-0-2-dbg_0.1.4-2+deb7u4_amd64.deb
 79ac7301b3bc52bd1fac9fc5c361d9be 72238 libdevel optional libyaml-dev_0.1.4-2+deb7u4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJTK9HMAAoJEAVMuPMTQ89EOu8P/RNqQVPekkqYpAaGHfztRupf
Dgo7YGXmA79/LHyzQishGXFry3ZcKK6/yiYlosLzQozePwpAsIxg98zVqTqRpOhR
JV7MMG0Rb0JJBmVWpR9J0Hb8+uWZ+1ZxQa6rqvGURu2A7WqUi3WqdYKdVunCxAgs
du09h/MgrXCK+kxkf+L0Kc1xe1IUYrQ680TQ6NGoKdxl+OYGGHK6Zro4QwC/biGA
EGs4Yn4JaqkTtm2MhH2CxsLbnIyQ6Z+kq3qzlj/0b6mPwYuMVZ9UNc9YgDPc0S5S
ZrjJktuZgg7VQBFyi3oIUWa9WWjwm+YyFnYOUbQu0plEfpsQcO0rcpCkTooJ+I1C
qQ49JB21S6v5h75NJLlYHy0tF7gmyg0TE1sL15Ov/Lsci4bTYHuc3m8oP7j29g0t
i3IZgiZWd7rE+cEtUzDLMOWfMrnecWZLmuqPf4tW4Gu/KayML/GXOmn+SGQyxh/8
1OZtwBIm5xojBp2PdpQ4pq7LxtgUTAEiq1dk16Rcf4li0cJYi+b00dFlTctRbqjK
NvW30aZs/aQJO1kdKik0yOMtMOrZx7hiib8nglnk2gXk/3vJ5/8kY+MgFJNwAP0h
4q5zsJIeorIHtmW7XsgINIKnVdZ8CPqALMXTmzqbgMyERzAFbMkvRvV5C4z007ZB
kx0RX0XzwQ3He31m4U8u
=wGeu
-----END PGP SIGNATURE-----