1 libyaml (0.1.5-1) UNRELEASED; urgency=medium
3 * New upstream version 0.1.5.
4 + Fix CVE-2013-6393: heap-based buffer overflow when parsing YAML
6 * Drop upstreamed patches.
7 * Run tests at build time.
8 * Bump Standards-Version to 3.9.5 (no changes needed).
11 * Add libyaml-doc package for Doxygen-generated API documentation and
12 examples. (Closes: #696821)
15 -- Anders Kaseorg <andersk@mit.edu> Sun, 23 Feb 2014 21:48:49 -0500
17 libyaml (0.1.4-3.2) unstable; urgency=high
19 * Non-maintainer upload by the Security Team.
20 * Add CVE-2014-2525.patch patch.
21 CVE-2014-2525: Fixes heap overflow in yaml_parser_scan_uri_escapes.
22 The heap overflow is caused by not properly expanding a string before
23 writing to it in function yaml_parser_scan_uri_escapes in scanner.c.
26 -- Salvatore Bonaccorso <carnil@debian.org> Thu, 27 Mar 2014 06:22:25 +0100
28 libyaml (0.1.4-3.1) unstable; urgency=medium
30 * Non-maintainer upload.
31 * Drop libyaml-indent-column-overflow-v2.patch patch.
32 This patch causes additional regressions on simple YAML files.
33 * Add libyaml-guard-against-overflows-in-indent-and-flow_level.patch patch.
34 Add upstream's patch to guard against overflows in indent and
35 flow_level. (Closes: #738587)
37 -- Salvatore Bonaccorso <carnil@debian.org> Thu, 13 Feb 2014 07:51:58 +0100
39 libyaml (0.1.4-3) unstable; urgency=high
41 * Fix CVE-2013-6393: heap-based buffer overflow when parsing YAML tags.
44 -- Anders Kaseorg <andersk@mit.edu> Wed, 29 Jan 2014 20:11:48 -0500
46 libyaml (0.1.4-2) unstable; urgency=low
48 * Remove extra libyaml-0.so symlink from libyaml-dev.
49 * Bump Debhelper compat level to 9.
50 * Support multiarch. (Closes: #653748) (LP: #905630)
51 * Use 3.0 (quilt) source format.
53 -- Anders Kaseorg <andersk@mit.edu> Fri, 30 Dec 2011 17:14:52 -0500
55 libyaml (0.1.4-1) unstable; urgency=low
57 * New upstream version 0.1.4.
58 + Fixed a bug that prevented an empty mapping being used as a simple
60 + Fixed pointer overflow when calculating the position of a potential
62 + Added pkg-config support. (Closes: #537834)
63 * Remove unneded libyaml.la file. (Closes: #622452)
64 * Add libyaml-0-2-dbg package with debugging symbols.
66 * Bumped standards version to 3.9.2 without further change
68 -- Anders Kaseorg <andersk@mit.edu> Mon, 30 May 2011 22:27:27 -0400
70 libyaml (0.1.3-1) unstable; urgency=low
72 * New upstream version 0.1.3.
73 + This release fixes non-standard structure initialization and a
74 streaming-related issue.
75 * Bump priority from extra to optional.
77 -- Anders Kaseorg <andersk@mit.edu> Sun, 04 Oct 2009 14:07:18 -0400
79 libyaml (0.1.2-1) unstable; urgency=low
81 * New upstream version 0.1.2.
82 + Fixed grammar in error messages (from YAML::XS::LibYAML).
83 + Rewritten whitespace detection in the scalar analyzer and block
84 scalar writers (ported from PyYAML).
85 + Fixed emitting folded scalars with trailing breaks; Forced emitting
86 of a document end indicator when there is a possibility of ambiguous
89 -- Anders Kaseorg <andersk@mit.edu> Mon, 29 Dec 2008 21:10:48 -0500
91 libyaml (0.1.1-1) unstable; urgency=low
93 * Initial release (Closes: #484381).
95 -- Anders Kaseorg <andersk@mit.edu> Tue, 10 Jun 2008 02:37:34 -0400