-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Jul 2023 19:55:30 +0200
Source: yajl
Binary: libyajl-dev libyajl2 libyajl2-dbgsym yajl-tools yajl-tools-dbgsym
Architecture: i386
Version: 2.1.0-3+deb11u2
Distribution: bullseye
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02)
Changed-By: Tobias Frost
Description:
 libyajl-dev - Yet Another JSON Library - development files
 libyajl2 - Yet Another JSON Library
 yajl-tools - Yet Another JSON Library - tools
Closes: 1039984 1040036
Changes:
 yajl (2.1.0-3+deb11u2) bullseye; urgency=medium
 .
   [Tobias Frost]
   * Non-maintainer upload.
   * Cherry pick John's CVE fixes from 2.1.0-4 and 2.1.0-5:
     - CVE-2017-16516: Potential in a denial of service with crafted JSON file
     - CVE-2022-24795: integer overflow which leads to subsequent heap memory
       corruption when dealing with large (~2GB) inputs.
     - CVE-2023-33460: memory leak which potentially can lead to an
       out-of-memory situation and cause a crash.
 .
   [John Stamp]
   * Patch CVE-2017-16516 and CVE-2022-24795 (Closes: #1040036)
   * The patch for CVE-2023-33460 turned out to be incomplete. Fix that.
     (Closes: #1039984)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----