[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 109-1] libyaml-libyaml-perl security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libyaml-libyaml-perl
Version        : 0.33-1+squeeze4
CVE ID         : CVE-2014-9130
Debian Bug     : 771365

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the
way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and
emitter library. An attacker able to load specially crafted YAML input
into an application using libyaml could cause the application to crash.

This update corrects this flaw in the copy that is embedded in the
libyaml-libyaml-perl package.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJUjZV0XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHWqUP/Ayh/SDjkucHblkFEu43YEie
H9pXaCzUJ5s2II+fGBr56rNFcocKGbTctWFchd67B8B3nwa+n9jbpQmUiTjXhFM9
1OT9hAvSOF83aq0cKj6hxuGke16MIW0OMygHCb67K3qQTWlkxBvehyisob7Up8Hz
h6R+5HLve+BTFWkE950FKkkKyIj8IqbORdXGgV0t3o5R/IRSI2XCYfDe/499zBSO
HllnEVtLBEgh2gF8zzANFKx/Irge4RlE98wWwE0XlAJCZxzVTd3QpEB+Yb0/XSJe
oESVWbSxGn5vzo/4YYVFzxfA2xbq3LTwsqNFTzIM4UxUKnntDRK37Tb8XsYvlqvn
jOiOVF7iST/GPxHu39mlLYLp2O59mkPAX7wYwrOo6pUR9BHlf/TP3gnaDd8FernY
J3fYiJkpDRaYSTq5jbeTqoayMYndpCzzkyqgeMyASVoCU1zGOXRmQCmAGIulcUN3
MGkkrQJGsTZZ4XBK6bwtn9TWczYXknnNOROCWOI0RwwU+dFYcwJxDfoFc6F6tUSt
MoRoX1GK+k6/h27Vio9evdXpdktDI+oi7a/7BR6A17lCcxvmUMVvTMgu4TTQ3Sv5
wWCWAZimdw/ci6Voc90pRFaj36cuyBsWVOY6ihDjToBiDLOFS/svRIzzSXhvs8hg
J+8pFVtESoDLjawz3RoG
=VGjG
-----END PGP SIGNATURE-----


Reply to: