Author: jquelin@cpan.org 
Bug: https://rt.cpan.org/Public/Bug/Display.html?id=46507
Bug-Debian: http://bugs.debian.org/661548
Subject: Fix format string vulnerabilities in YAML parsing (CVE-2012-1152)

--- a/LibYAML/perl_libyaml.c.orig	2009-05-30 12:05:58.000000000 +0200
+++ a/LibYAML/perl_libyaml.c	2009-05-30 12:09:08.000000000 +0200
@@ -181,7 +181,7 @@
     return;
 
 load_error:
-    croak(loader_error_msg(&loader, NULL));
+    croak("%s", loader_error_msg(&loader, NULL));
 }
 
 /*
@@ -230,12 +230,12 @@
 
     /* Some kind of error occurred */
     if (loader->event.type == YAML_NO_EVENT)
-        croak(loader_error_msg(loader, NULL));
+        croak("%s", loader_error_msg(loader, NULL));
 
     croak(ERRMSG "Invalid event '%d' at top level", (int) loader->event.type);
 
 load_error:
-    croak(loader_error_msg(loader, NULL));
+    croak("%s", loader_error_msg(loader, NULL));
 }
 
 /*
@@ -277,7 +277,7 @@
         }
         else if (strlen(tag) <= strlen(prefix) ||
             ! strnEQ(tag, prefix, strlen(prefix))
-        ) croak(
+        ) croak( "%s",
             loader_error_msg(loader, form("bad tag found for hash: '%s'", tag))
         );
         class = tag + strlen(prefix);
@@ -310,7 +310,7 @@
             prefix = "!";
         else if (strlen(tag) <= strlen(prefix) ||
             ! strnEQ(tag, prefix, strlen(prefix))
-        ) croak(
+        ) croak( "%s",
             loader_error_msg(loader, form("bad tag found for array: '%s'", tag))
         );
         class = tag + strlen(prefix);