-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 11 Jul 2023 19:55:30 +0200 Source: yajl Binary: libyajl-dev libyajl2 libyajl2-dbgsym yajl-tools yajl-tools-dbgsym Architecture: mips64el Version: 2.1.0-3+deb11u2 Distribution: bullseye Urgency: medium Maintainer: mipsel Build Daemon (mipsel-osuosl-03) Changed-By: Tobias Frost Description: libyajl-dev - Yet Another JSON Library - development files libyajl2 - Yet Another JSON Library yajl-tools - Yet Another JSON Library - tools Closes: 1039984 1040036 Changes: yajl (2.1.0-3+deb11u2) bullseye; urgency=medium . [Tobias Frost] * Non-maintainer upload. * Cherry pick John's CVE fixes from 2.1.0-4 and 2.1.0-5: - CVE-2017-16516: Potential in a denial of service with crafted JSON file - CVE-2022-24795: integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. - CVE-2023-33460: memory leak which potentially can lead to a out-of- memory situation and cause a crash. . [John Stamp] * Patch CVE-2017-16516 and CVE-2022-24795 (Closes: #1040036) * The patch for CVE-2023-33460 turned out to be incomplete. Fix that. (Closes: #1039984) Checksums-Sha1: 11168d7a6b16150024148d0073da46a255cb4493 33684 libyajl-dev_2.1.0-3+deb11u2_mips64el.deb 4e74f037069ba27861d2dfa031285dd1709158c7 42384 libyajl2-dbgsym_2.1.0-3+deb11u2_mips64el.deb 01c163df6dbe65031c131b218feba64c23d18400 23000 libyajl2_2.1.0-3+deb11u2_mips64el.deb 532f898118021fcbfd99bc7bfee156d07638fb62 13968 yajl-tools-dbgsym_2.1.0-3+deb11u2_mips64el.deb 799d98e2f9b45d408068663008a91c96df829afa 14772 yajl-tools_2.1.0-3+deb11u2_mips64el.deb e3f093e28e2fb1f0e7edfa8169346c414a859b82 7930 yajl_2.1.0-3+deb11u2_mips64el-buildd.buildinfo Checksums-Sha256: 108d99d1d113c0afcb84cbd8d3229d5a4e48fcf0bf7c946878325896d538532d 33684 libyajl-dev_2.1.0-3+deb11u2_mips64el.deb 8feae26f8a606799a502ef4d1a3d419b868925d2449c5791b6fae2e28818efc7 42384 libyajl2-dbgsym_2.1.0-3+deb11u2_mips64el.deb 08ab3a376c12f16f11fcf2326918f764b4ea5aa4b0929c370fc724f381efda17 23000 libyajl2_2.1.0-3+deb11u2_mips64el.deb eb93b7c7a59cd55930d26f9d1d4013545449a33d64cf2a191ca5041cb64d83b1 13968 yajl-tools-dbgsym_2.1.0-3+deb11u2_mips64el.deb af53b89fb570e58e3aa1c763b1479a87d5691fb5c98e955a75bb54ca457e8195 14772 yajl-tools_2.1.0-3+deb11u2_mips64el.deb 558f139e0b0751e14ef407e7fd29c41473aa30c718635a6e26a4aaf16e750cb8 7930 yajl_2.1.0-3+deb11u2_mips64el-buildd.buildinfo Files: 7a73faaa4181b79e9e8d7377fc84601c 33684 libdevel optional libyajl-dev_2.1.0-3+deb11u2_mips64el.deb 6d07bff484fefd0d36aec909270b5bd3 42384 debug optional libyajl2-dbgsym_2.1.0-3+deb11u2_mips64el.deb 29cd278f09726c361a957116cdada758 23000 libs optional libyajl2_2.1.0-3+deb11u2_mips64el.deb 25ebfa88b95aaa5a586cc70081009aa6 13968 debug optional yajl-tools-dbgsym_2.1.0-3+deb11u2_mips64el.deb 2206b5e029d72e52cc95738c0945ed27 14772 utils optional yajl-tools_2.1.0-3+deb11u2_mips64el.deb 0680c640e451ea222a2952aad8094d9e 7930 libs optional yajl_2.1.0-3+deb11u2_mips64el-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXUZVEjohYGA7PDpMojl408mCs9YFAmS+6EUACgkQojl408mC s9ZPSg//V/XPYkgl1CWDmzO7oGUB8C9iJ+b0lyEh2v5MXkeXpAuWeUzd7wLwjvrR WhSSOoebxhUjIu5NsVr3Ner2JrK4M01DT5Fd0sQPs0T0eH03HFwvZ+hL1tOijejM 2hpQ6DtO0nKLnHnNewIowSYiQKwDl4cjeTdduq/jWZDzUdeNfS2ugDwQ7b1p9UIM sL+kJv8thYEIspbqlWsbSSzOWmiINveUm+8RAd2aRVOdrFkagbH7DZGDBhxCZe3O 8zUAZGP7XIDSbi5yjcjZJc5sbFmX2EuM9Zii5xN+epzic2METPsxDYrUrAoFmCwl +jH1Nk6H6KcNK+zxXWPuHpvkEDoXFv5tCtPHoJ7rRF0bX1rFDTogzDaADBiI41nU /jgQy5Fo792bc4ivAqODRq5WbkR9lVgDJ26m8gLeyqpcndZK/hz+qKWBTE1nCzqT zjmowFEopeoU4rj2+9M+0DP65zMvGZBKO7t/AiLg0iS8bPNnkz/r+deEXuYxaauT FHk36zPnC8r8PXGoXII/aRn7hPZAXofOYlA1zK+Z6LAJxIz0DjrEAZfDaHwcGAjH JYl/pardMOvt/pQ+SkCL0c6QAD2aZZdrQcjoGwnZCmtKRJc4fFlaKGVdPzY+ZRvK XDa4QkqEACRxP0Uy4LAq/qNF3A5Oczv2aX1+AiEwDNCRhi76HFI= =Q1ec -----END PGP SIGNATURE-----