-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 11 Jul 2023 19:55:30 +0200 Source: yajl Binary: libyajl-dev libyajl2 libyajl2-dbgsym yajl-tools yajl-tools-dbgsym Architecture: mipsel Version: 2.1.0-3+deb11u2 Distribution: bullseye Urgency: medium Maintainer: mipsel Build Daemon (mipsel-osuosl-05) Changed-By: Tobias Frost Description: libyajl-dev - Yet Another JSON Library - development files libyajl2 - Yet Another JSON Library yajl-tools - Yet Another JSON Library - tools Closes: 1039984 1040036 Changes: yajl (2.1.0-3+deb11u2) bullseye; urgency=medium . [Tobias Frost] * Non-maintainer upload. * Cherry pick John's CVE fixes from 2.1.0-4 and 2.1.0-5: - CVE-2017-16516: Potential in a denial of service with crafted JSON file - CVE-2022-24795: integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. - CVE-2023-33460: memory leak which potentially can lead to a out-of- memory situation and cause a crash. . [John Stamp] * Patch CVE-2017-16516 and CVE-2022-24795 (Closes: #1040036) * The patch for CVE-2023-33460 turned out to be incomplete. Fix that. (Closes: #1039984) Checksums-Sha1: 75f2c2806c3230a888f1a016cf06bfed4e76aabe 33036 libyajl-dev_2.1.0-3+deb11u2_mipsel.deb d85d7e84426d0149fee9a10fc2d390c3dab98365 40268 libyajl2-dbgsym_2.1.0-3+deb11u2_mipsel.deb baf4a777d4bad0b01bb435860fe5fa8a7a9dd015 22588 libyajl2_2.1.0-3+deb11u2_mipsel.deb 0c5ee4e6f72589c85300adf167b25f3d765748a0 12776 yajl-tools-dbgsym_2.1.0-3+deb11u2_mipsel.deb 6ade8aa82b885991ebd13ec410a6e2ad1f8cacb3 14492 yajl-tools_2.1.0-3+deb11u2_mipsel.deb 8ee2268bbcf94fa556a2d842c191d36e8cc07dd6 7889 yajl_2.1.0-3+deb11u2_mipsel-buildd.buildinfo Checksums-Sha256: 74eb3a43cd3b546c7689014fde8afcb97ab438e1268463a2cd9685afce6f204e 33036 libyajl-dev_2.1.0-3+deb11u2_mipsel.deb 514d35a0c7b03c0c385be4b1b82b362314efbb5b4ccb2b146f54d4713dac4b62 40268 libyajl2-dbgsym_2.1.0-3+deb11u2_mipsel.deb 0543947d79bb8438150b2b9b8b461ca4d6cbd57c80386e0d324cdcebe9fbf115 22588 libyajl2_2.1.0-3+deb11u2_mipsel.deb 0ff4a0be18277d08272b815fb898b567ccbc1763f0b66449fcbdb6d3ed4f2d3c 12776 yajl-tools-dbgsym_2.1.0-3+deb11u2_mipsel.deb de168179acaaa7b2993552807a343dde7ff3892d204bf467c0092a02a7c3c57e 14492 yajl-tools_2.1.0-3+deb11u2_mipsel.deb 6e48f77cfd9b539e44e690e158c2b977f0fa074cb6cca6ac7dcf9656a16cc5e3 7889 yajl_2.1.0-3+deb11u2_mipsel-buildd.buildinfo Files: 7f134b486b17beec8a3405e90872ac37 33036 libdevel optional libyajl-dev_2.1.0-3+deb11u2_mipsel.deb 219589012c93a5dd7859c88616114acb 40268 debug optional libyajl2-dbgsym_2.1.0-3+deb11u2_mipsel.deb 29e98d2b1cc95a7d1062e8806cc90c64 22588 libs optional libyajl2_2.1.0-3+deb11u2_mipsel.deb d5f480d9361e07c928dd4f6cfa2b4732 12776 debug optional yajl-tools-dbgsym_2.1.0-3+deb11u2_mipsel.deb 9880c5cf9602d8252a404dfa3164e8a6 14492 utils optional yajl-tools_2.1.0-3+deb11u2_mipsel.deb 7b66ff0fcf491f7959b608023ded6a97 7889 libs optional yajl_2.1.0-3+deb11u2_mipsel-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7FUbSrfgk+qhJhySoQbzkdO+xGgFAmS+5lkACgkQoQbzkdO+ xGgLHxAApUVLWf01HKT2dJq1BpSr8rDS5Tpbr9B59Lw+5ExchR2wWTHYnx7dSDcR 26nwPiEiFUYcJInAJdj5sVTwm68yUgjEaQ+WHt8V/6BL1mNqbpwMc4vsxF2rlZfz dLdBb/nv0MDaR+VRbI20cnE0Yt9LVRL5xLqIxO1zZHaBiznQyo7S2HZWi76DK/X7 6OdtAxpHDWOWdmvTE2C6efU5U1gcjV0tc8842k1hkv4NuPuOoSHhyjofso7UbxEj ES5nhtQCfKcO+tGf1a0Et+/IQMCQJhEOLEu1rgcgPxGJIG5xwc+lVmxf5MYTnDcd bvkVYLiIVsyhZdr9IHbyl9HhxLAlf4hBRWqS2EYDiiMzK/GkX7m7g8/2p8kPuNz5 +Corla3IqpidZPzkgeVHq/l/K3qVdrgBZ0oexbK0yD3YtBtNogJ313e6jF7bh3qA FC7FAPtNM3YBwi8M0eEUFb+DhNqlsb6P7/nBnhz8jpi4SC1qpAdYPc9tL5vg4vgu xziwbF7afusbXET8BhOAnDv9WVWgSXfEnVLvKUfHQ4xeGf72gmj3zzFhVIfoBhIb Rr4lwrN2TGVyMd8/nsxtRv2hTe0doz4o/24cCFaTQ846NVTb/yPZHpdb3NMatRZS OSfD4d7GRWhQpsNWTgGX+NmCjuC/J0RmkTsVVqnip2swzrQTBcU= =a7Ca -----END PGP SIGNATURE-----