Debian Security Advisory

DSA-2432-1 libyaml-libyaml-perl -- format string vulnerabilities

Date Reported:
12 Mar 2012
Affected Packages:
libyaml-libyaml-perl
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 661548.
In Mitre's CVE dictionary: CVE-2012-1152.
More information:

Dominic Hargreaves and Niko Tyni discovered two format string vulnerabilities in YAML::LibYAML, a Perl interface to the libyaml library.

For the stable distribution (squeeze), this problem has been fixed in version 0.33-1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 0.38-2.

We recommend that you upgrade your libyaml-libyaml-perl packages.