This is a cherry-picked upstream commit [0] that fixes CVE-2014-9130 [1]. Debian used the same patch. You can find it by clicking on VCS here: https://tracker.debian.org/pkg/libyaml
I don't link directly to that VCS because the repo is on the maintainer's domain, so you should follow the link from Debian's domain yourself.

[0] https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130

Leo Famulari (1):
  gnu: libyaml: Fix CVE-2014-9130.

 gnu/local.mk                                     |  1 +
 gnu/packages/patches/libyaml-CVE-2014-9130.patch | 30 ++++++++++++++++++++++++
 gnu/packages/web.scm                             |  3 ++-
 3 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/libyaml-CVE-2014-9130.patch

-- 
2.8.3