X-Git-Url: http://andersk.mit.edu/gitweb/libyaml.git/blobdiff_plain/d27f450912bc7352fbd20d3c69193f7f98ab37c7..b46834b37908d8052738f5b150970b56dc629fd5:/debian/changelog diff --git a/debian/changelog b/debian/changelog index 0720883..8ff9a6c 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,4 +1,58 @@ -libyaml (0.1.4-1) UNRELEASED; urgency=low +libyaml (0.1.5-1) UNRELEASED; urgency=medium + + * New upstream version 0.1.5. + + Fix CVE-2013-6393: heap-based buffer overflow when parsing YAML + tags. + * Drop upstreamed patches. + * Run tests at build time. + * Bump Standards-Version to 3.9.5 (no changes needed). + * Use dh-autoreconf. + * Use dh-buildinfo. + * Add libyaml-doc package for Doxygen-generated API documentation and + examples. (Closes: #696821) + * Acknowledge NMUs. + + -- Anders Kaseorg Sun, 23 Feb 2014 21:48:49 -0500 + +libyaml (0.1.4-3.2) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Add CVE-2014-2525.patch patch. + CVE-2014-2525: Fixes heap overflow in yaml_parser_scan_uri_escapes. + The heap overflow is caused by not properly expanding a string before + writing to it in function yaml_parser_scan_uri_escapes in scanner.c. + (Closes: #742732) + + -- Salvatore Bonaccorso Thu, 27 Mar 2014 06:22:25 +0100 + +libyaml (0.1.4-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * Drop libyaml-indent-column-overflow-v2.patch patch. + This patch causes additional regressions on simple YAML files. + * Add libyaml-guard-against-overflows-in-indent-and-flow_level.patch patch. + Add upstream's patch to guard against overflows in indent and + flow_level. (Closes: #738587) + + -- Salvatore Bonaccorso Thu, 13 Feb 2014 07:51:58 +0100 + +libyaml (0.1.4-3) unstable; urgency=high + + * Fix CVE-2013-6393: heap-based buffer overflow when parsing YAML tags. + (Closes: #737076) + + -- Anders Kaseorg Wed, 29 Jan 2014 20:11:48 -0500 + +libyaml (0.1.4-2) unstable; urgency=low + + * Remove extra libyaml-0.so symlink from libyaml-dev. + * Bump Debhelper compat level to 9. + * Support multiarch. (Closes: #653748) (LP: #905630) + * Use 3.0 (quilt) source format. + + -- Anders Kaseorg Fri, 30 Dec 2011 17:14:52 -0500 + +libyaml (0.1.4-1) unstable; urgency=low * New upstream version 0.1.4. 
+ Fixed a bug that prevented an empty mapping being used as a simple @@ -7,8 +61,11 @@ libyaml (0.1.4-1) UNRELEASED; urgency=low simple key. + Added pkg-config support. (Closes: #537834) * Remove unneded libyaml.la file. (Closes: #622452) + * Add libyaml-0-2-dbg package with debugging symbols. + (Closes: #592747) + * Bumped standards version to 3.9.2 without further change - -- Anders Kaseorg Mon, 30 May 2011 19:52:27 -0400 + -- Anders Kaseorg Mon, 30 May 2011 22:27:27 -0400 libyaml (0.1.3-1) unstable; urgency=low
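
Review bot: in the first hunk, the new 0.1.5-1 entry says "Drop upstreamed patches" without naming them, and the only security fix it credits to upstream 0.1.5 is CVE-2013-6393. The 0.1.4-3.2 entry below it added CVE-2014-2525.patch for the heap overflow in yaml_parser_scan_uri_escapes, and 0.1.4-3.1 added libyaml-guard-against-overflows-in-indent-and-flow_level.patch. Please list each dropped patch by name and state whether CVE-2014-2525.patch is retained, so a reader can confirm from the changelog that no security fix is lost. The trailer date (23 Feb 2014) is also earlier than the 0.1.4-3.2 NMU it sits above (27 Mar 2014), so it should be refreshed before the entry leaves UNRELEASED.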
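
Review bot: in the second hunk, the added line "Bumped standards version to 3.9.2 without further change" is in the past tense and has no trailing period, while the bullets around it are imperative and period-terminated ("Add libyaml-0-2-dbg package ...", "Remove ..."). Suggest "Bump Standards-Version to 3.9.2 (no changes needed)." to match the wording already used in the 0.1.5-1 entry. The neighbouring context line "Remove unneded libyaml.la file" has a typo ("unneeded") that could be corrected while this entry is being edited.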