Format: 1.8
Date: Tue, 11 Jul 2023 19:55:30 +0200
Source: yajl
Binary: libyajl-dev libyajl2 libyajl2-dbgsym yajl-tools yajl-tools-dbgsym
Architecture: armhf
Version: 2.1.0-3+deb11u2
Distribution: bullseye
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-04)
Changed-By: Tobias Frost
Description:
 libyajl-dev - Yet Another JSON Library - development files
 libyajl2 - Yet Another JSON Library
 yajl-tools - Yet Another JSON Library - tools
Closes: 1039984 1040036
Changes:
 yajl (2.1.0-3+deb11u2) bullseye; urgency=medium
 .
   [Tobias Frost]
   * Non-maintainer upload.
   * Cherry pick John's CVE fixes from 2.1.0-4 and 2.1.0-5:
     - CVE-2017-16516: Potential in a denial of service with crafted JSON file
     - CVE-2022-24795: integer overflow which leads to subsequent heap memory
       corruption when dealing with large (~2GB) inputs.
     - CVE-2023-33460: memory leak which potentially can lead to an
       out-of-memory situation and cause a crash.
 .
   [John Stamp]
   * Patch CVE-2017-16516 and CVE-2022-24795 (Closes: #1040036)
   * The patch for CVE-2023-33460 turned out to be incomplete. Fix that.
     (Closes: #1039984)