LibYAML/perl_libyaml.c | 10 5 + 5 - 0 !
1 file changed, 5 insertions(+), 5 deletions(-)

 fix format string vulnerabilities in yaml parsing (cve-2012-1152)

LibYAML/scanner.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 cve-2013-6393: yaml_parser_scan_tag_uri: fix int overflow leading to buffer overflow
 This is a proposed patch from Florian Weimer <fweimer@redhat.com> for
 the string overflow issue. It has been ack'd by upstream.

LibYAML/api.c | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 cve-2013-6393: yaml_stack_extend: guard against integer overflow
 This is a hardening patch also from Florian Weimer
 <fweimer@redhat.com>.  It is not required to fix this CVE however it
 improves the robustness of the code against future issues by avoiding
 large node ID's in a central place.

LibYAML/scanner.c | 24 17 + 7 - 0 !
LibYAML/yaml_private.h | 1 1 + 0 - 0 !
2 files changed, 18 insertions(+), 7 deletions(-)

 guard against overflows in indent and flow_level

LibYAML/scanner.c | 3 3 + 0 - 0 !
LibYAML/yaml_private.h | 7 5 + 2 - 0 !
2 files changed, 8 insertions(+), 2 deletions(-)

 cve-2014-2525: heap overflow when parsing yaml tags
  The heap overflow is caused by not properly expanding a string before
  writing to it in function yaml_parser_scan_uri_escapes in scanner.c. 

LibYAML/scanner.c | 7 0 + 7 - 0 !
1 file changed, 7 deletions(-)

 remove invalid simple key assertion
 CVE-2014-9130: denial-of-service/application crash with untrusted
 yaml input.