-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Jul 2023 19:55:30 +0200
Source: yajl
Binary: libyajl-dev libyajl2 libyajl2-dbgsym yajl-tools yajl-tools-dbgsym
Architecture: s390x
Version: 2.1.0-3+deb11u2
Distribution: bullseye
Urgency: medium
Maintainer: s390x Build Daemon (zandonai)
Changed-By: Tobias Frost
Description:
 libyajl-dev - Yet Another JSON Library - development files
 libyajl2 - Yet Another JSON Library
 yajl-tools - Yet Another JSON Library - tools
Closes: 1039984 1040036
Changes:
 yajl (2.1.0-3+deb11u2) bullseye; urgency=medium
 .
   [Tobias Frost]
   * Non-maintainer upload.
   * Cherry pick John's CVE fixes from 2.1.0-4 and 2.1.0-5:
     - CVE-2017-16516: Potential in a denial of service with crafted JSON file
     - CVE-2022-24795: integer overflow which leads to subsequent heap memory
       corruption when dealing with large (~2GB) inputs.
     - CVE-2023-33460: memory leak which potentially can lead to an
       out-of-memory situation and cause a crash.
 .
   [John Stamp]
   * Patch CVE-2017-16516 and CVE-2022-24795 (Closes: #1040036)
   * The patch for CVE-2023-33460 turned out to be incomplete. Fix that.
     (Closes: #1039984)