Package: libyaml-libyaml-perl / 0.33-1+squeeze3

Metadata

Package: libyaml-libyaml-perl
Version: 0.33-1+squeeze3
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
format error.patch

LibYAML/perl_libyaml.c | 10 5 + 5 - 0 !
1 file changed, 5 insertions(+), 5 deletions(-)

 fix format string vulnerabilities in YAML parsing (CVE-2012-1152)


libyaml string overflow.patch

LibYAML/scanner.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 CVE-2013-6393: yaml_parser_scan_tag_uri: fix int overflow leading to buffer overflow
 This is a proposed patch from Florian Weimer <fweimer@redhat.com> for
 the string overflow issue. It has been ack'd by upstream.

libyaml node id hardening.patch

LibYAML/api.c | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 CVE-2013-6393: yaml_stack_extend: guard against integer overflow
 This is a hardening patch also from Florian Weimer
 <fweimer@redhat.com>. It is not required to fix this CVE; however, it
 improves the robustness of the code against future issues by avoiding
 large node IDs in a central place.

libyaml guard against overflows in indent and flow_level.patch

LibYAML/scanner.c | 24 17 + 7 - 0 !
LibYAML/yaml_private.h | 1 1 + 0 - 0 !
2 files changed, 18 insertions(+), 7 deletions(-)

 guard against overflows in indent and flow_level

CVE 2014 2525.patch

LibYAML/scanner.c | 3 3 + 0 - 0 !
LibYAML/yaml_private.h | 7 5 + 2 - 0 !
2 files changed, 8 insertions(+), 2 deletions(-)

 CVE-2014-2525: heap overflow when parsing YAML tags
  The heap overflow is caused by not properly expanding a string before
  writing to it in function yaml_parser_scan_uri_escapes in scanner.c.