[Bug 1311397] [NEW] json-c: CVE-2013-6370 CVE-2013-6371
Dimitri John Ledkov
launchpad at surgut.co.uk
Wed Apr 23 00:09:43 UTC 2014
Public bug reported:
Imported from Debian bug http://bugs.debian.org/744008:
Source: json-c
Severity: important
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for json-c.
CVE-2013-6370[0]:
buffer overflow if size_t is larger than int
CVE-2013-6371[1]:
hash collision DoS
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
The upstream patch is at [2].
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6370
https://security-tracker.debian.org/tracker/CVE-2013-6370
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6371
https://security-tracker.debian.org/tracker/CVE-2013-6371
[2] https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
Regards,
Salvatore
** Affects: json-c (Ubuntu)
Importance: Undecided
Status: New
** Affects: json-c (Ubuntu Precise)
Importance: Undecided
Status: New
** Affects: json-c (Ubuntu Quantal)
Importance: Undecided
Status: New
** Affects: json-c (Ubuntu Saucy)
Importance: Undecided
Status: New
** Affects: json-c (Ubuntu Trusty)
Importance: Undecided
Status: New
** Affects: json-c (Debian)
Importance: Undecided
Status: New
** Bug watch added: Debian Bug tracker #744008
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744008
** Changed in: json-c (Debian)
Remote watch: None => Debian Bug tracker #744008
** Also affects: json-c (Ubuntu Quantal)
Importance: Undecided
Status: New
** Also affects: json-c (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: json-c (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: json-c (Ubuntu Saucy)
Importance: Undecided
Status: New
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6370
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6371
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to json-c in Ubuntu.
https://bugs.launchpad.net/bugs/1311397
Title:
json-c: CVE-2013-6370 CVE-2013-6371
Status in “json-c” package in Ubuntu:
New
Status in “json-c” source package in Precise:
New
Status in “json-c” source package in Quantal:
New
Status in “json-c” source package in Saucy:
New
Status in “json-c” source package in Trusty:
New
Status in “json-c” package in Debian:
New
Bug description:
Imported from Debian bug http://bugs.debian.org/744008:
Source: json-c
Severity: important
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for json-c.
CVE-2013-6370[0]:
buffer overflow if size_t is larger than int
CVE-2013-6371[1]:
hash collision DoS
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
The upstream patch is at [2].
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6370
https://security-tracker.debian.org/tracker/CVE-2013-6370
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6371
https://security-tracker.debian.org/tracker/CVE-2013-6371
[2] https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
Regards,
Salvatore
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/json-c/+bug/1311397/+subscriptions
More information about the foundations-bugs
mailing list