Format: 1.8
Date: Tue, 11 Jul 2023 19:55:30 +0200
Source: yajl
Binary: libyajl-dev libyajl2 libyajl2-dbgsym yajl-tools yajl-tools-dbgsym
Architecture: amd64
Version: 2.1.0-3+deb11u2
Distribution: bullseye
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-csail-01)
Changed-By: Tobias Frost
Description:
 libyajl-dev - Yet Another JSON Library - development files
 libyajl2 - Yet Another JSON Library
 yajl-tools - Yet Another JSON Library - tools
Closes: 1039984 1040036
Changes:
 yajl (2.1.0-3+deb11u2) bullseye; urgency=medium
 .
   [Tobias Frost]
   * Non-maintainer upload.
   * Cherry pick John's CVE fixes from 2.1.0-4 and 2.1.0-5:
     - CVE-2017-16516: Potential in a denial of service with crafted JSON file
     - CVE-2022-24795: integer overflow which leads to subsequent heap memory
       corruption when dealing with large (~2GB) inputs.
     - CVE-2023-33460: memory leak which potentially can lead to an
       out-of-memory situation and cause a crash.
 .
   [John Stamp]
   * Patch CVE-2017-16516 and CVE-2022-24795 (Closes: #1040036)
   * The patch for CVE-2023-33460 turned out to be incomplete. Fix that.
     (Closes: #1039984)
Files (size, section, priority, name):
 32796 libdevel optional libyajl-dev_2.1.0-3+deb11u2_amd64.deb
 40832 debug optional libyajl2-dbgsym_2.1.0-3+deb11u2_amd64.deb
 24184 libs optional libyajl2_2.1.0-3+deb11u2_amd64.deb
 12856 debug optional yajl-tools-dbgsym_2.1.0-3+deb11u2_amd64.deb
 14616 utils optional yajl-tools_2.1.0-3+deb11u2_amd64.deb
 8023 libs optional yajl_2.1.0-3+deb11u2_amd64-buildd.buildinfo