YAML-LibYAML provides YAML Serialization using XS and libyaml for Perl.
YAML-LibYAML uses the legacy '2-arg' open() call which is susceptible to shell injection via malicious filenames.
Shell injection may be used to execute arbitrary code using a malicious filename.
There is no known workaround at this time.
All YAML-LibYAML users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/YAML-LibYAML-0.903.0"