Format: 1.8
Date: Tue, 11 Jul 2023 19:55:30 +0200
Source: yajl
Binary: libyajl-doc
Architecture: all
Version: 2.1.0-3+deb11u2
Distribution: bullseye
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Tobias Frost
Description:
 libyajl-doc - Yet Another JSON Library - library documentation
Closes: 1039984 1040036
Changes:
 yajl (2.1.0-3+deb11u2) bullseye; urgency=medium
 .
   [Tobias Frost]
   * Non-maintainer upload.
   * Cherry pick John's CVE fixes from 2.1.0-4 and 2.1.0-5:
     - CVE-2017-16516: Potential denial of service with crafted JSON file
     - CVE-2022-24795: integer overflow which leads to subsequent heap memory
       corruption when dealing with large (~2GB) inputs.
     - CVE-2023-33460: memory leak which potentially can lead to an
       out-of-memory situation and cause a crash.
 .
   [John Stamp]
   * Patch CVE-2017-16516 and CVE-2022-24795 (Closes: #1040036)
   * The patch for CVE-2023-33460 turned out to be incomplete. Fix that.
     (Closes: #1039984)
Checksums-Sha1:
 32fd16a8520e64fe25c283088950465cd08ec2cb 104888 libyajl-doc_2.1.0-3+deb11u2_all.deb
 017d564424e8b924fa000e3ca2707a698d0c954d 6866 yajl_2.1.0-3+deb11u2_all-buildd.buildinfo
Checksums-Sha256:
 8d6351739071070af83bdee65ee25948cf5ece5565da8298cafafb0742e1c2b7 104888 libyajl-doc_2.1.0-3+deb11u2_all.deb
 69bfb8ae8bf0621d53df8e3543860491bd0e31a3a25501d8f13c67f8814a8bdb 6866 yajl_2.1.0-3+deb11u2_all-buildd.buildinfo
Files:
 9261f6a220a5d6174623d56a396d6759 104888 doc optional libyajl-doc_2.1.0-3+deb11u2_all.deb
 dfae102c257dc1663441a6c9a7920884 6866 libs optional yajl_2.1.0-3+deb11u2_all-buildd.buildinfo