Sat Mar 29 10:25:19 2014 UTC ()

We already have fix for CVE-2014-2525 in libyaml-0.1.5nb1.
Thanks to wiz@ noted via private e-mail.


(taca)

diff -r1.13115 -r1.13116 pkgsrc/doc/TODO

--- pkgsrc/doc/TODO 2014/03/29 09:39:37 1.13115
+++ pkgsrc/doc/TODO 2014/03/29 10:25:19 1.13116

 @@ -1,14 +1,14 @@
-$NetBSD: TODO,v 1.13115 2014/03/29 09:39:37 taca Exp $
+$NetBSD: TODO,v 1.13116 2014/03/29 10:25:19 taca Exp $
 Suggested new packages
 ======================
 	Any unresolved PRs (if you have commit access)
 	http://gnats.NetBSD.org/summary/category/pkg.html
 	Any complete, polished packages in pkgsrc-wip (ditto)
 	http://pkgsrc-wip.sourceforge.net/
 	bacula-rescue
 	Scripts used to help create rescue boot CDs for bare metal
 	restores with Bacula.  Scripts exist for Linux, Solaris, and
 @@ -767,27 +767,27 @@ For possible Perl packages updates, see
 	o libssh2-1.4.2
 	o libstree-0.4.3pre2 [pkg/43748]
 	o libtar-1.2.20
 	o libtcl-nothread-8.5.1
 	o libthrift-0.8.0
 	o libusb-1.0.18
 	o libusbx-1.0.18 [but actually obsolete, switch to libusb]
 	o libuuid-2.24.1
 	o libv4l-0.8.5
 	o libvdpau-0.7
 	o libwildmidi-0.3.5
 	o libxdg-basedir-1.2.0
 	o libxklavier-5.3
-	o libyaml-0.1.6 [CVE-2014-2525]
+	o libyaml-0.1.6 [CVE-2014-2525, already fixed in libyaml-0.1.5nb1]
 	o licq-1.3.8
 	o liferea-1.10.7
 	o lighttpd-1.4.35
 	o lincvs-2.1.4 [now called CrossVC]
 	o liquidwar-6.0.0.11
 	o lldpd-0.7.7 [wip, perl module path]
 	o lmbench-2.5 [http://lmbench.sourceforge.net/]
 	o lottanzb-0.5.3
 	o lq-sp-1.3.4.13
 	o lsh-2.1
 	o ltris-1.0.19
 	o lwm-1.2.3
 	o m17n-db-1.6.5