Debian Patches
Status for libyaml-syck-perl/1.34-2+deb13u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| disable-compiler-check.patch | Disable compiler check. This is not needed in a Debian build environment, and more importantly, it breaks cross-builds. |
gregor herrmann <gregoa@debian.org> | not-needed | debian | vendor | 2020-02-04 |
| Address-memory-corruption-leading-to-str-value-being.patch | Address memory corruption leading to 'str' value being set on empty keys When yaml is parsed, qstr is allocated In cases when the keys point to empty values there is no value copied to qstr and no null value is copied in |
Timothy Legge <timlegge@gmail.com> | yes | upstream | https://github.com/cpan-authors/YAML-Syck/commit/dcf4c8477b82ef439f43fd20dc099082d096df02 | 2025-10-09 |
| fix-address-all-4-C-layer-audit-findings-from-issue-.patch | fix: address all 4 C-layer audit findings from issue #67 - HIGH: Fix heap buffer overflow in emitter tag buffer. The 512-byte fixed allocation overflowed via strcat(tag, ref) with long class names. Now tracks buffer size and grows dynamically with Renew() when needed. - MEDIUM: Fix base64 decoder reading past buffer end on trailing newlines. Added s < send guard to the inner whitespace-skip loop. - MEDIUM: Replace strtok(id, "/:") with savepv copy + strtok at all 6 call sites in the parser handler. strtok mutated n->type_id in place, corrupting shared node data. Each site now operates on a local copy that is freed after use. - LOW: Fix memory leak in syck_hdlr_add_anchor when a node already has an anchor. The incoming anchor string 'a' was leaked on early return. Closes #67 |
Toddr Bot <toddbot@rinaldo.us> | no | https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e | 2026-03-14 |
All known versions for source package 'libyaml-syck-perl'
- 1.36-3 (sid)
- 1.36-2 (forky)
- 1.34-2+deb13u2 (trixie-security, trixie)
- 1.34-2+deb12u2 (bookworm-security, bookworm)