libyaml

CVE-2024-35326, CVE-2024-35328, CVE-2024-35329

Open perlpunk opened this issue 7 months ago • 5 comments

The following CVEs I do not consider as vulnerabilities:

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35326 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35326.c
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35328 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35328.c
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35329 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35329.c

They all fail to initialize structs with the proper functions for that, so there doesn't exist any working code that could be exploited. I already contacted mitre.org for CVE-2024-35329 over a month ago to reject this, but no reply :(

There has already been some discussion in #298 but I decided to create a new issue because the thread is hard to read because of the discussion of how those CVEs were (not) reported and published.

perlpunk, Jul 17 '24 10:07