From ${URL} : Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow due to integer misuse that may be triggered when parsing large YAML documents. This issue has been assigned CVE-2013-6393. https://bugzilla.redhat.com/show_bug.cgi?id=1033990 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know whether it is ready for stabilization or not.
Arches go ahead.
Stable for HPPA.
CVE-2013-6393 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6393): The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
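The CVE text above says only that an incorrect cast lets a crafted tag defeat the bounds handling and overrun a heap buffer. The following is an added illustration of that bug class, not LibYAML's scanner.c and not the actual fix: a tag-copy routine whose length check narrows an attacker-influenced size_t to int before comparing, shown beside a check done in the unsigned domain. TAG_CAPACITY, the function names and the arithmetic are assumptions made for the demo.

```c
/* Illustrative analog of the CVE-2013-6393 bug class (incorrect cast before
 * a bounds check).  This is NOT LibYAML's yaml_parser_scan_tag_uri; the
 * capacity, names and arithmetic below are assumptions for the demo. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TAG_CAPACITY 16   /* assumed fixed size of the heap tag buffer */

/* Flawed check: the length is cast to int before the comparison.  Any value
 * with the top bit set (e.g. a wrapped size_t) becomes negative, compares as
 * "smaller than the capacity", and a following memcpy would overrun. */
int flawed_check_passes(size_t tag_len)
{
    return (int)tag_len < TAG_CAPACITY;   /* incorrect cast */
}

/* Hardened check: compare as size_t and keep one byte for the terminator. */
int hardened_check_passes(size_t tag_len)
{
    return tag_len < TAG_CAPACITY;
}

/* Copy a tag into a freshly malloc'd buffer only when the hardened check
 * passes.  Returns NULL (no allocation) on rejection; caller frees. */
char *copy_tag_hardened(const char *tag, size_t tag_len)
{
    if (!hardened_check_passes(tag_len))
        return NULL;
    char *buf = malloc(TAG_CAPACITY);
    if (!buf)
        return NULL;
    memcpy(buf, tag, tag_len);
    buf[tag_len] = '\0';
    return buf;
}

int main(void)
{
    /* Constructed inputs: a normal tag and a length that wrapped to SIZE_MAX. */
    size_t normal = strlen("!local");
    size_t wrapped = (size_t)-1;

    printf("normal  len=%zu flawed=%d hardened=%d\n", normal,
           flawed_check_passes(normal), hardened_check_passes(normal));
    printf("wrapped len=%zu flawed=%d hardened=%d\n", wrapped,
           flawed_check_passes(wrapped), hardened_check_passes(wrapped));

    char *t = copy_tag_hardened("!local", normal);
    if (t) {
        printf("copied: %s\n", t);
        free(t);
    }
    if (copy_tag_hardened("", wrapped) == NULL)
        puts("wrapped length rejected by hardened path");
    return 0;
}
```

The flawed check "passes" for the wrapped length, which is exactly the situation a later unbounded copy turns into a heap overflow; the hardened version rejects it before any allocation or copy happens. Note that the int result of the narrowing cast is implementation-defined in C, so the check also behaves differently across compilers, which is another reason to keep size comparisons in the unsigned domain.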
ia64 stable
amd64 stable
x86 stable
ppc stable
ppc64 stable
sparc stable
alpha stable
arm stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
GLSA request filed.
+ 27 Feb 2014; Sergey Popov <pinkbyte@gentoo.org> -libyaml-0.1.4.ebuild: + Security cleanup, wrt bug #499920
This issue was resolved and addressed in GLSA 201403-02 at http://security.gentoo.org/glsa/glsa-201403-02.xml by GLSA coordinator Mikle Kolyada (Zlogene).