| Release | Version |
|---|---|
| bullseye | 1.34-1 |
| bullseye (security) | 1.34-1+deb11u1 |
| bookworm | 1.34-2+deb12u2 |
| trixie | 1.34-2+deb13u2 |
| forky | 1.36-2 |
| sid | 1.36-3 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2026-5089 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | fixed | YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. ... |
| Bug | Description |
|---|---|
| CVE-2026-4177 | YAML::Syck versions through 1.36 for Perl has several potential securi ... |
| CVE-2025-11683 | YAML::Syck versions before 1.36 for Perl has missing null-terminators ... |
| DSA / DLA | Description |
|---|---|
| DLA-4525-1 | libyaml-syck-perl - security update |
| DSA-6175-1 | libyaml-syck-perl - security update |