Very accurate and script-kiddie-friendly exploits are publicly available for both vulnerablities. It is possible that crimeware distributors will start exploiting this for drive-by downloads. Therefore, please install the latest upgraded version of Yahoo Messenger (ver 220.127.116.111) as soon as possible. Yahoo will start distributing the new version soon through an automatic update, but until that happens, you will need to install the new version manually by going to the Yahoo Messenger download page.
Don't wait for Yahoo to make the fix available via their automatic update process. Instead, update Yahoo Messenger as soon as possible.