libyaml-libyaml-perl (0.41-6) unstable; urgency=high * Team upload. * Add CVE-2014-9130.patch patch. Fix CVE-2014-9130: assertion failure caused by wrapped strings. (Closes: 771365) -- Salvatore Bonaccorso Sat, 29 Nov 2014 08:23:09 +0100 libyaml-libyaml-perl (0.41-5) unstable; urgency=high * Team upload. [ gregor herrmann ] * Strip trailing slash from metacpan URLs. [ Salvatore Bonaccorso ] * Add CVE-2014-2525.patch patch. CVE-2014-2525: Heap overflow when parsing YAML tags. The heap overflow is caused by not properly expanding a string before writing to it in function yaml_parser_scan_uri_escapes in scanner.c. -- Salvatore Bonaccorso Sun, 23 Mar 2014 08:32:24 +0100 libyaml-libyaml-perl (0.41-4) unstable; urgency=medium * Team upload. * Add libyaml-string-overflow.patch patch. Addresses CVE-2013-6393 for the LibYAML embedded copy in YAML::LibYAML. * Add libyaml-node-id-hardening.patch patch. Guard against integer overflow. * Add libyaml-guard-against-overflows-in-indent-and-flow_level.patch patch. Guard against overflows in indent and flow_level. -- Salvatore Bonaccorso Sun, 23 Feb 2014 22:28:32 +0100 libyaml-libyaml-perl (0.41-3) unstable; urgency=medium * Team upload. * Revert applying libyaml-node-id-hardening.patch patch, libyaml-indent-column-overflow-v2.patch and libyaml-string-overflow.patch patch as this uncovered a regression on libyaml's side, discovered when rebuilding the packages with build-dependency on libyaml-libyaml-perl. -- Salvatore Bonaccorso Mon, 10 Feb 2014 16:16:32 +0100 libyaml-libyaml-perl (0.41-2) unstable; urgency=medium * Team upload. * Add libyaml-string-overflow.patch patch. Addresses CVE-2013-6393 for the LibYAML embedded copy in YAML::LibYAML. * Add libyaml-indent-column-overflow-v2.patch. Addresses regression for the initial patch for CVE-2013-6393. * Add libyaml-node-id-hardening.patch patch. Guard against integer overflow. * Declare compliance with Debian Policy 3.9.5 -- Salvatore Bonaccorso Sun, 09 Feb 2014 00:16:03 +0100 libyaml-libyaml-perl (0.41-1) unstable; urgency=low [ Salvatore Bonaccorso ] * Change Vcs-Git to canonical URI (git://anonscm.debian.org) * Change search.cpan.org based URIs to metacpan.org based URIs [ gregor herrmann ] * New upstream release. * Update years of copyright. * Add patch to disable maintainer helper script. * Drop build dependency on not (yet) used libyaml-dev. * Declare compliance with Debian Policy 3.9.4. -- gregor herrmann Fri, 11 Oct 2013 18:37:51 +0200 libyaml-libyaml-perl (0.38-3) unstable; urgency=low * Document copyright and license for embedded libyaml. Thanks to Niko Tyni for spotting. (Closes: #664196) * Bump debhelper build dependency to 9.20120312 to get all hardening flags. * Fix a grammatical error in the long description. -- gregor herrmann Fri, 16 Mar 2012 21:49:42 +0100 libyaml-libyaml-perl (0.38-2) unstable; urgency=medium * Team upload. [ Julián Moreno Patiño ] * Enable hardening flags. (Closes: #661548) + Switch compat level 8 to 9. + Add fix_ftbfs_hardening_flags.diff patch. + Bump debhelper version to 9. * Bump Standards-Version to 3.9.3. + Update to DEP5 copyright-format 1.0. + Add /me to debian copyright. [ Niko Tyni ] * Note that this fixes CVE-2012-1152. * Upload at urgency=medium -- Niko Tyni Sat, 10 Mar 2012 08:57:07 +0200 libyaml-libyaml-perl (0.38-1) unstable; urgency=low * New upstream release. * Update copyright years. -- gregor herrmann Tue, 10 Jan 2012 19:09:44 +0100 libyaml-libyaml-perl (0.37-1) unstable; urgency=low [ Ansgar Burchardt ] * debian/control: Convert Vcs-* fields to Git. [ Salvatore Bonaccorso ] * debian/copyright: Replace DEP5 Format-Specification URL from svn.debian.org to anonscm.debian.org URL. [ gregor herrmann ] * New upstream release. * Update copyright years for inc/Module/*. * Add /me to Uploaders. -- gregor herrmann Sat, 01 Oct 2011 17:23:11 +0200 libyaml-libyaml-perl (0.35-1) unstable; urgency=low * Team upload. * New upstream release * debian/copyright: - Update copyright years. - Explicitly point to GPL-1 license text in common-licenses. - Refer to Debian systems in general instead of only Debian GNU/Linux systems. * Bump Debhelper compat level to 8. * debian/control: Bump versioned Build-Depends on debhelper to (>= 8). * Bump Standards-Version to 3.9.2. -- Salvatore Bonaccorso Fri, 15 Apr 2011 22:41:15 +0200 libyaml-libyaml-perl (0.34-1) unstable; urgency=low * New upstream release * Update Standards-Version to 3.9.1 (no changes) * Added me to Uploaders (debian/control) and debian/copyright file -- Krzysztof Krzyżaniak (eloy) Fri, 24 Sep 2010 17:35:42 +0200 libyaml-libyaml-perl (0.33-1) unstable; urgency=low [ Jonathan Yu ] * New upstream release (Closes: #578629). * This version has fixes for Perl 5.12 * Use new 3.0 (quilt) source format * Use new DEP5 copyright format * Rewrite control description * Standards-Version 3.8.4 (drop perl version dep) * Add myself to Uploaders and Copyright [ Nathan Handler ] * debian/watch: Update to ignore development releases. [ Ryan Niebur ] * Update ryan52's email address [ gregor herrmann ] * debian/copyright: update years of upstream copyright. -- Jonathan Yu Sun, 02 May 2010 10:52:35 -0400 libyaml-libyaml-perl (0.32-1) unstable; urgency=low * Initial Release. (Closes: #531150) -- Ryan Niebur Mon, 01 Jun 2009 02:17:22 -0700