diff -Nru libyaml-0.1.6/debian/changelog libyaml-0.1.6/debian/changelog
--- libyaml-0.1.6/debian/changelog 2014-08-20 01:56:30.000000000 +0000
+++ libyaml-0.1.6/debian/changelog 2014-11-29 03:05:34.000000000 +0000
@@ -1,3 +1,11 @@
+libyaml (0.1.6-3) unstable; urgency=high
+
+ * debian/patches/CVE-2014-9130.patch: Fix CVE-2014-9130 assertion
+ failure caused by wrapped strings. (Closes: #771366)
+ * Bump Standards-Version to 3.9.6 (no changes needed).
+
+ -- Anders Kaseorg Fri, 28 Nov 2014 22:05:10 -0500
+
 libyaml (0.1.6-2) unstable; urgency=medium

 * Move doxygen from Build-Depends to Build-Depends-Indep.
diff -Nru libyaml-0.1.6/debian/control libyaml-0.1.6/debian/control
--- libyaml-0.1.6/debian/control 2014-08-20 01:55:23.000000000 +0000
+++ libyaml-0.1.6/debian/control 2014-11-29 03:04:41.000000000 +0000
@@ -8,7 +8,7 @@
 dh-buildinfo (>= 0.9+nmu1~),
 dh-autoreconf
 Build-Depends-Indep: doxygen
-Standards-Version: 3.9.5
+Standards-Version: 3.9.6
 Homepage: http://pyyaml.org/wiki/LibYAML
 Vcs-Git: git://andersk.mit.edu/libyaml.git
 Vcs-Browser: http://andersk.mit.edu/gitweb/libyaml.git
diff -Nru libyaml-0.1.6/debian/control.in libyaml-0.1.6/debian/control.in
--- libyaml-0.1.6/debian/control.in 2014-08-20 01:55:07.000000000 +0000
+++ libyaml-0.1.6/debian/control.in 2014-11-29 03:04:41.000000000 +0000
@@ -4,7 +4,7 @@
 Maintainer: Anders Kaseorg
 Build-Depends: @cdbs@
 Build-Depends-Indep: doxygen
-Standards-Version: 3.9.5
+Standards-Version: 3.9.6
 Homepage: http://pyyaml.org/wiki/LibYAML
 Vcs-Git: git://andersk.mit.edu/libyaml.git
 Vcs-Browser: http://andersk.mit.edu/gitweb/libyaml.git
diff -Nru libyaml-0.1.6/debian/patches/CVE-2014-9130.patch libyaml-0.1.6/debian/patches/CVE-2014-9130.patch
--- libyaml-0.1.6/debian/patches/CVE-2014-9130.patch 1970-01-01 00:00:00.000000000 +0000
+++ libyaml-0.1.6/debian/patches/CVE-2014-9130.patch 2014-11-29 03:04:24.000000000 +0000
@@ -0,0 +1,32 @@
+From: Kirill Simonov
+Subject: Removed invalid simple key assertion (thank to Jonathan Gray).
+Origin: upstream, https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
+Bug: https://bitbucket.org/xi/libyaml/issue/10
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771366
+Last-Update: 2014-11-28
+
+---
+ src/scanner.c | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/src/scanner.c b/src/scanner.c
+index 88d4fa5..5ec0be0 100644
+--- a/src/scanner.c
++++ b/src/scanner.c
+@@ -1106,13 +1106,6 @@ yaml_parser_save_simple_key(yaml_parser_t *parser)
+ && parser->indent == (ptrdiff_t)parser->mark.column);
+
+ /*
+- * A simple key is required only when it is the first token in the current
+- * line. Therefore it is always allowed. But we add a check anyway.
+- */
+-
+- assert(parser->simple_key_allowed || !required); /* Impossible. */
+-
+- /*
+ * If the current position may start a simple key, save it.
+ */
+
+--
+2.2.0
+
diff -Nru libyaml-0.1.6/debian/patches/series libyaml-0.1.6/debian/patches/series
--- libyaml-0.1.6/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ libyaml-0.1.6/debian/patches/series 2014-11-29 03:04:24.000000000 +0000
@@ -0,0 +1 @@
+CVE-2014-9130.patch
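Review bot: In the src/scanner.c hunk carried by debian/patches/CVE-2014-9130.patch, the assertion and its "Impossible." comment are removed with nothing left to record that `required` can be true while `parser->simple_key_allowed` is false. That invites a later reader to reinstate an input-dependent `assert()` in the scanner. A one-line comment above the remaining block would keep the reason visible, for example `/* No assert here: a required simple key can occur where simple keys are not allowed (CVE-2014-9130). */`. The body of yaml_parser_save_simple_key starts and ends outside the hunk, so what happens to that state afterwards is not visible here. It is worth confirming that it ends in a scanner error rather than a silently skipped key, and adding the wrapped-string input from Debian bug #771366 as a regression case.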