-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Jul 2023 19:55:30 +0200
Source: yajl
Binary: libyajl-dev libyajl2 libyajl2-dbgsym yajl-tools yajl-tools-dbgsym
Architecture: ppc64el
Version: 2.1.0-3+deb11u2
Distribution: bullseye
Urgency: medium
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01)
Changed-By: Tobias Frost
Description:
 libyajl-dev - Yet Another JSON Library - development files
 libyajl2 - Yet Another JSON Library
 yajl-tools - Yet Another JSON Library - tools
Closes: 1039984 1040036
Changes:
 yajl (2.1.0-3+deb11u2) bullseye; urgency=medium
 .
   [Tobias Frost]
   * Non-maintainer upload.
   * Cherry pick John's CVE fixes from 2.1.0-4 and 2.1.0-5:
     - CVE-2017-16516: Potential in a denial of service with crafted JSON file
     - CVE-2022-24795: integer overflow which leads to subsequent heap memory
       corruption when dealing with large (~2GB) inputs.
     - CVE-2023-33460: memory leak which potentially can lead to a out-of-memory
       situation and cause a crash.
 .
   [John Stamp]
   * Patch CVE-2017-16516 and CVE-2022-24795 (Closes: #1040036)
   * The patch for CVE-2023-33460 turned out to be incomplete. Fix that.
     (Closes: #1039984)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----