Format: 1.8
Date: Tue, 11 Jul 2023 19:55:30 +0200
Source: yajl
Binary: libyajl-dev libyajl2 libyajl2-dbgsym yajl-tools yajl-tools-dbgsym
Architecture: arm64
Version: 2.1.0-3+deb11u2
Distribution: bullseye
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-04)
Changed-By: Tobias Frost
Description:
 libyajl-dev - Yet Another JSON Library - development files
 libyajl2 - Yet Another JSON Library
 yajl-tools - Yet Another JSON Library - tools
Closes: 1039984 1040036
Changes:
 yajl (2.1.0-3+deb11u2) bullseye; urgency=medium
 .
   [Tobias Frost]
   * Non-maintainer upload.
   * Cherry pick John's CVE fixes from 2.1.0-4 and 2.1.0-5:
     - CVE-2017-16516: Potential denial of service with crafted JSON file
     - CVE-2022-24795: integer overflow which leads to subsequent heap memory
       corruption when dealing with large (~2GB) inputs.
     - CVE-2023-33460: memory leak which potentially can lead to an
       out-of-memory situation and cause a crash.
 .
   [John Stamp]
   * Patch CVE-2017-16516 and CVE-2022-24795 (Closes: #1040036)
   * The patch for CVE-2023-33460 turned out to be incomplete. Fix that.
     (Closes: #1039984)