Format: 1.8
Date: Tue, 11 Jul 2023 19:55:30 +0200
Source: yajl
Binary: libyajl-dev libyajl2 libyajl2-dbgsym yajl-tools yajl-tools-dbgsym
Architecture: armel
Version: 2.1.0-3+deb11u2
Distribution: bullseye
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-02)
Changed-By: Tobias Frost
Description:
 libyajl-dev - Yet Another JSON Library - development files
 libyajl2 - Yet Another JSON Library
 yajl-tools - Yet Another JSON Library - tools
Closes: 1039984 1040036
Changes:
 yajl (2.1.0-3+deb11u2) bullseye; urgency=medium
 .
   [Tobias Frost]
   * Non-maintainer upload.
   * Cherry pick John's CVE fixes from 2.1.0-4 and 2.1.0-5:
     - CVE-2017-16516: Potential in a denial of service with crafted JSON file
     - CVE-2022-24795: integer overflow which leads to subsequent heap
       memory corruption when dealing with large (~2GB) inputs.
     - CVE-2023-33460: memory leak which potentially can lead to an
       out-of-memory situation and cause a crash.
 .
   [John Stamp]
   * Patch CVE-2017-16516 and CVE-2022-24795 (Closes: #1040036)
   * The patch for CVE-2023-33460 turned out to be incomplete. Fix that.
     (Closes: #1039984)