• l/libyaml-0.1.6-x86_64-1.txz (Security fix)
• n/php-5.4.27-x86_64-1.txz (Security fix)

Mon Apr 21 20:09:48 UTC 2014
l/libyaml-0.1.6-x86_64-1.txz:  Upgraded.
  This update fixes a heap overflow in URI escape parsing of YAML in Ruby,
  where a specially crafted string could cause a heap overflow leading to
  arbitrary code execution.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525
    https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
  (* Security fix *)
n/php-5.4.27-x86_64-1.txz:  Upgraded.
  This update fixes a security issue in the in the awk script detector
  which allows context-dependent attackers to cause a denial of service
  (CPU consumption) via a crafted ASCII file that triggers a large amount
  of backtracking.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
  (* Security fix *)