UbuntuUpdates.org

Package "libyaml-0-2"

Name: libyaml-0-2

Description:

Fast YAML 1.1 parser and emitter library
Latest version: 0.1.4-2ubuntu0.12.04.4
Release: precise (12.04)
Level: security
Repository: main
Head package: libyaml
Homepage: http://pyyaml.org/wiki/LibYAML

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libyaml-0-2"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libyaml-0-2" in Precise

Repository Area Version
base main 0.1.4-2
updates main 0.1.4-2ubuntu0.12.04.4

Changelog

Version: 0.1.4-2ubuntu0.12.04.4 2015-01-12 23:06:31 UTC

  libyaml (0.1.4-2ubuntu0.12.04.4) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via triggered assertion
    - debian/patches/CVE-2014-9130.patch: remove assertion
    - CVE-2014-9130
 -- Steve Beattie <email address hidden> Thu, 08 Jan 2015 18:17:27 -0800
Source diff to previous version
CVE-2014-9130 scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial

Version: 0.1.4-2ubuntu0.12.04.3 2014-04-03 15:06:43 UTC

  libyaml (0.1.4-2ubuntu0.12.04.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow in yaml_parser_scan_uri_escapes
    - debian/patches/CVE-2014-2525.patch: properly handle memory in
      src/scanner.c, src/yaml_private.h.
    - CVE-2014-2525
 -- Marc Deslauriers <email address hidden> Wed, 02 Apr 2014 11:44:25 -0400
Source diff to previous version
CVE-2014-2525 Heap-based buffer overflow in the yaml_parser_scan_uri_escapes ...

Version: 0.1.4-2ubuntu0.12.04.2 2014-02-13 16:06:59 UTC

  libyaml (0.1.4-2ubuntu0.12.04.2) precise-security; urgency=medium

  * SECURITY REGRESSION: parsing regression in security update
    (LP: #1279805)
    - debian/patches/CVE-2013-6393.patch: updated to use upstream commits
      from 0.1.5.
 -- Marc Deslauriers <email address hidden> Thu, 13 Feb 2014 08:40:49 -0500
Source diff to previous version
1279805 regression in CVE-2013-6393 patch
CVE-2013-6393 heap-based buffer overflow when parsing YAML tags

Version: 0.1.4-2ubuntu0.12.04.1 2014-02-04 20:06:58 UTC

  libyaml (0.1.4-2ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    large yaml documents
    - debian/patches/CVE-2013-6393.patch: fix integer overflows in
      src/scanner.c, src/api.c.
    - CVE-2013-6393
 -- Marc Deslauriers <email address hidden> Fri, 31 Jan 2014 13:09:02 -0500
CVE-2013-6393 heap-based buffer overflow when parsing YAML tags


About   -   Send Feedback to @ubuntu_updates