The following two security updates has been released for Debian 6 LTS:
[DLA 109-1] libyaml-libyaml-perl security update
[DLA 110-1] libyaml security update
[DLA 109-1] libyaml-libyaml-perl security update
[DLA 110-1] libyaml security update
[DLA 109-1] libyaml-libyaml-perl security update
Package : libyaml-libyaml-perl
Version : 0.33-1+squeeze4
CVE ID : CVE-2014-9130
Debian Bug : 771365
Jonathan Gray and Stanislaw Pitucha found an assertion failure in the
way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and
emitter library. An attacker able to load specially crafted YAML input
into an application using libyaml could cause the application to crash.
This update corrects this flaw in the copy that is embedded in the
libyaml-libyaml-perl package.
[DLA 110-1] libyaml security update
Package : libyaml
Version : 0.1.3-1+deb6u5
CVE ID : CVE-2014-9130
Debian Bug : 771366
Jonathan Gray and Stanislaw Pitucha found an assertion failure in the
way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and
emitter library. An attacker able to load specially crafted YAML input
into an application using libyaml could cause the application to crash.