Version in base suite: 1.28-1 Version in overlay suite: 1.28-1+deb11u1 Base version: snakeyaml_1.28-1+deb11u1 Target version: snakeyaml_1.28-1+deb11u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/s/snakeyaml/snakeyaml_1.28-1+deb11u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/s/snakeyaml/snakeyaml_1.28-1+deb11u2.dsc README.Debian.security | 5 +++++ changelog | 8 ++++++++ libyaml-snake-java.docs | 1 + 3 files changed, 14 insertions(+) diff -Nru snakeyaml-1.28/debian/README.Debian.security snakeyaml-1.28/debian/README.Debian.security --- snakeyaml-1.28/debian/README.Debian.security 1970-01-01 00:00:00.000000000 +0000 +++ snakeyaml-1.28/debian/README.Debian.security 2023-02-24 21:22:25.000000000 +0000 @@ -0,0 +1,5 @@ +Note that snakeyaml isn't designed to operate on YAML data coming from untrusted +sources, in such cases you need to apply sanitising/exception handling yourself. + +Please see https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE%20&%20NIST.md +for additional information. diff -Nru snakeyaml-1.28/debian/changelog snakeyaml-1.28/debian/changelog --- snakeyaml-1.28/debian/changelog 2023-02-19 16:05:00.000000000 +0000 +++ snakeyaml-1.28/debian/changelog 2023-02-24 21:22:25.000000000 +0000 @@ -1,3 +1,11 @@ +snakeyaml (1.28-1+deb11u2) bullseye; urgency=medium + + * Team upload. + * Install README.Debian.security and explain that snakeyaml + is not designed to process YAML input from untrusted sources. + + -- Markus Koschany Fri, 24 Feb 2023 22:22:25 +0100 + snakeyaml (1.28-1+deb11u1) bullseye; urgency=medium * Team upload. diff -Nru snakeyaml-1.28/debian/libyaml-snake-java.docs snakeyaml-1.28/debian/libyaml-snake-java.docs --- snakeyaml-1.28/debian/libyaml-snake-java.docs 1970-01-01 00:00:00.000000000 +0000 +++ snakeyaml-1.28/debian/libyaml-snake-java.docs 2023-02-24 21:22:25.000000000 +0000 @@ -0,0 +1 @@ +debian/README.Debian.security
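Review bot: In debian/README.Debian.security, "you need to apply sanitising/exception handling yourself" does not tell the reader what to do, and the only specifics sit behind an external wiki URL that may move or change. Suggest stating the key advice inline and keeping the link as further reading, for example that untrusted YAML should be loaded with a restricted constructor such as snakeyaml's SafeConstructor, and that the caller must catch parser exceptions on malformed input. The first sentence is also a comma splice ("untrusted sources, in such cases") and reads better as two sentences.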
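Review bot: In the debian/changelog hunk, the new 1.28-1+deb11u2 entry does not say which reports or tracker entries the README is meant to answer, so someone reading the changelog later cannot tell which issues are being documented as out of scope rather than fixed. Suggest naming them in the "Install README.Debian.security ..." item, or adding a Closes: reference if a bug was filed for this. As the trailer appears here ("-- Markus Koschany Fri, 24 Feb 2023 22:22:25 +0100"), there is no address in angle brackets between the name and the date; check that the uploaded file has the full "-- Name <address>  date" form.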
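Review bot: In debian/libyaml-snake-java.docs, listing debian/README.Debian.security only places the file under the package's /usr/share/doc directory, where users upgrading an existing bullseye installation will not see it unless they go looking. Since the message is that the library must not be fed untrusted YAML without extra handling, consider also carrying it in debian/NEWS so that apt-listchanges displays it on upgrade.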