diff -Nru libyaml-0.1.4/debian/changelog libyaml-0.1.4/debian/changelog
--- libyaml-0.1.4/debian/changelog 2014-02-13 13:40:49.000000000 +0000
+++ libyaml-0.1.4/debian/changelog 2014-04-02 15:44:25.000000000 +0000
@@ -1,3 +1,13 @@
+libyaml (0.1.4-2ubuntu0.12.04.3) precise-security; urgency=medium
+
+ * SECURITY UPDATE: denial of service and possible code execution via
+ heap overflow in yaml_parser_scan_uri_escapes
+ - debian/patches/CVE-2014-2525.patch: properly handle memory in
+ src/scanner.c, src/yaml_private.h.
+ - CVE-2014-2525
+
+ -- Marc Deslauriers Wed, 02 Apr 2014 11:44:25 -0400
+
 libyaml (0.1.4-2ubuntu0.12.04.2) precise-security; urgency=medium
 
 * SECURITY REGRESSION: parsing regression in security update
diff -Nru libyaml-0.1.4/debian/patches/CVE-2014-2525.patch libyaml-0.1.4/debian/patches/CVE-2014-2525.patch
--- libyaml-0.1.4/debian/patches/CVE-2014-2525.patch 1970-01-01 00:00:00.000000000 +0000
+++ libyaml-0.1.4/debian/patches/CVE-2014-2525.patch 2014-04-02 15:44:20.000000000 +0000
@@ -0,0 +1,40 @@
+# HG changeset patch
+# User Kirill Simonov
+# Date 1395835397 18000
+# Node ID bce8b60f0b9af69fa9fab3093d0a41ba243de048
+# Parent d7cb9c2731c01fb5465dd61a14ebd42ce258518d
+Fixed heap overflow in yaml_parser_scan_uri_escapes (Thanks Ivan Fratric of the Google Security Team).
+
+Index: libyaml-0.1.4/src/scanner.c
+===================================================================
+--- libyaml-0.1.4.orig/src/scanner.c 2014-04-02 11:37:57.992175108 -0400
++++ libyaml-0.1.4/src/scanner.c 2014-04-02 11:37:57.984175108 -0400
+@@ -2629,6 +2629,9 @@
+ /* Check if it is a URI-escape sequence. */
+
+ if (CHECK(parser->buffer, '%')) {
++ if (!STRING_EXTEND(parser, string))
++ goto error;
++
+ if (!yaml_parser_scan_uri_escapes(parser,
+ directive, start_mark, &string)) goto error;
+ }
+Index: libyaml-0.1.4/src/yaml_private.h
+===================================================================
+--- libyaml-0.1.4.orig/src/yaml_private.h 2014-04-02 11:37:57.992175108 -0400
++++ libyaml-0.1.4/src/yaml_private.h 2014-04-02 11:37:57.988175108 -0400
+@@ -134,9 +134,12 @@
+ (string).start = (string).pointer = (string).end = 0)
+
+ #define STRING_EXTEND(context,string) \
+- (((string).pointer+5 < (string).end) \
++ ((((string).pointer+5 < (string).end) \
+ || yaml_string_extend(&(string).start, \
+- &(string).pointer, &(string).end))
++ &(string).pointer, &(string).end)) ? \
++ 1 : \
++ ((context)->error = YAML_MEMORY_ERROR, \
++ 0))
+
+ #define CLEAR(context,string) \
+ ((string).pointer = (string).start, \
diff -Nru libyaml-0.1.4/debian/patches/series libyaml-0.1.4/debian/patches/series
--- libyaml-0.1.4/debian/patches/series 2014-02-13 13:40:45.000000000 +0000
+++ libyaml-0.1.4/debian/patches/series 2014-04-02 15:44:20.000000000 +0000
@@ -1 +1,2 @@
 CVE-2013-6393.patch
+CVE-2014-2525.patch
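Review bot: The new `STRING_EXTEND(parser, string)` call in src/scanner.c protects `yaml_parser_scan_uri_escapes` only through an implicit contract: the macro guarantees a little over five free bytes (`pointer+5 < end`), while the callee, whose body is not in this hunk, presumably appends its decoded octets to `string` without growing it. I would state that above the call, e.g. `/* scan_uri_escapes appends without extending; STRING_EXTEND's 5-byte headroom must cover one decoded sequence */`, so a later change to either side does not silently reopen the overflow. Separately, the headroom test kept on the new side of src/yaml_private.h still forms `(string).pointer+5` before comparing, which is undefined behaviour when fewer than five bytes remain in the buffer; `((string).end - (string).pointer > 5)` expresses the same check without stepping past the allocation. The scanner function that contains the patched `if` starts and ends outside the hunk.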