lp://qastaging/ubuntu/utopic-updates/libyaml
- Get this branch:
- bzr branch lp://qastaging/ubuntu/utopic-updates/libyaml
Branch merges
Branch information
Recent revisions
- 13. By Steve Beattie
-
* SECURITY UPDATE: denial of service via triggered assertion
- debian/patches/ CVE-2014- 9130.patch: remove assertion
- CVE-2014-9130 - 12. By Anders Kaseorg
-
* New upstream version 0.1.6.
+ Fix CVE-2013-6393: heap-based buffer overflow when parsing YAML
tags.
+ Fix CVE-2014-2525: heap-based buffer overflow in
yaml_parser_ scan_uri_ escapes.
* Drop upstreamed patches.
* Run tests at build time.
* Bump Standards-Version to 3.9.5 (no changes needed).
* Use dh-autoreconf. (Closes: #745078)
* Use dh-buildinfo.
* Add libyaml-doc package for Doxygen-generated API documentation and
examples. (Closes: #696821)
* Acknowledge NMUs. - 11. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
heap overflow in yaml_parser_scan_uri_ escapes
- debian/patches/ CVE-2014- 2525.patch: properly handle memory in
src/scanner.c, src/yaml_private.h.
- CVE-2014-2525 - 10. By Marc Deslauriers
-
* SECURITY REGRESSION: parsing regression in security update
(LP: #1279805)
- debian/patches/ CVE-2013- 6393.patch: use upstream commits from 0.1.5.
- debian/patches/ libyaml- string- overflow. patch: removed
- debian/patches/ libyaml- node-id- hardening. patch: removed
- debian/patches/ libyaml- indent- column- overflow- v2.patch: removed - 9. By Marc Deslauriers
-
* Merge from Debian. Remaining changes:
- debian/{rules, control} : build-depend on dh-autoreconf and use it. - 6. By Anders Kaseorg
-
* Remove extra libyaml-0.so symlink from libyaml-dev.
* Bump Debhelper compat level to 9.
* Support multiarch. (Closes: #653748) (LP: #905630)
* Use 3.0 (quilt) source format. - 5. By Anders Kaseorg
-
* New upstream version 0.1.4.
+ Fixed a bug that prevented an empty mapping being used as a simple
key.
+ Fixed pointer overflow when calculating the position of a potential
simple key.
+ Added pkg-config support. (Closes: #537834)
* Remove unneded libyaml.la file. (Closes: #622452)
* Add libyaml-0-2-dbg package with debugging symbols.
(Closes: #592747)
* Bumped standards version to 3.9.2 without further change - 4. By Anders Kaseorg
-
* New upstream version 0.1.3.
+ This release fixes non-standard structure initialization and a
streaming-related issue.
* Bump priority from extra to optional.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://qastaging/ubuntu/vivid/libyaml