Package: libyaml-libyaml-perl / 0.38-3+deb7u3

Metadata

Package: libyaml-libyaml-perl
Version: 0.38-3+deb7u3
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
fix_ftbfs_hardening_flags.diff

LibYAML/perl_libyaml.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 fix ftbfs with hardening flags (cve-2012-1152)
libyaml string overflow.patch

LibYAML/scanner.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 cve-2013-6393: yaml_parser_scan_tag_uri: fix int overflow leading to buffer overflow
 This is a proposed patch from Florian Weimer <fweimer@redhat.com> for
 the string overflow issue. It has been ack'd by upstream.
libyaml node id hardening.patch

LibYAML/api.c | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 cve-2013-6393: yaml_stack_extend: guard against integer overflow
 This is a hardening patch also from Florian Weimer
 <fweimer@redhat.com>.  It is not required to fix this CVE; however, it
 improves the robustness of the code against future issues by avoiding
 large node IDs in a central place.
libyaml guard against overflows in indent and flow_level.patch

LibYAML/scanner.c | 24 17 + 7 - 0 !
LibYAML/yaml_private.h | 1 1 + 0 - 0 !
2 files changed, 18 insertions(+), 7 deletions(-)

 guard against overflows in indent and flow_level
CVE 2014 2525.patch

LibYAML/scanner.c | 3 3 + 0 - 0 !
LibYAML/yaml_private.h | 7 5 + 2 - 0 !
2 files changed, 8 insertions(+), 2 deletions(-)

 cve-2014-2525: heap overflow when parsing yaml tags
  The heap overflow is caused by not properly expanding a string before
  writing to it in function yaml_parser_scan_uri_escapes in scanner.c. 
CVE 2014 9130.patch

LibYAML/scanner.c | 7 0 + 7 - 0 !
1 file changed, 7 deletions(-)

 remove invalid simple key assertion
 CVE-2014-9130: denial-of-service/application crash with untrusted
 yaml input.