[ubuntu/lunar-proposed] json-smart 2.2-2ubuntu1 (Accepted)
David Fernandez Gonzalez
david.fernandezgonzalez at canonical.com
Tue Apr 11 13:40:40 UTC 2023
json-smart (2.2-2ubuntu1) lunar; urgency=medium
* SECURITY UPDATE: DoS caused by unclosed quotes
- debian/patches/0004-CVE-2021-31684-Fix-indexOf.patch:
set right control variable for the indexOf function
in json-smart/src/main/java/net/minidev/json/
parser/JSONParserByteArray.java.
- CVE-2021-31684
* SECURITY UPDATE: DoS caused by uncontrolled nesting
- debian/patches/0005-CVE-2023-1370-stack-overflow-due-to-
excessive-recurs.patch: add limit for nested depth when processing
"{" or "[" in
json-smart/src/main/java/net/minidev/json/parser/JSONParserBase.java,
json-smart/src/main/java/net/minidev/json/parser/ParseException.java,
and json-smart/src/test/java/net/minidev/json/test/TestOverflow.java.
- CVE-2023-1370
Date: Tue, 11 Apr 2023 13:33:16 +0200
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/json-smart/2.2-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 11 Apr 2023 13:33:16 +0200
Source: json-smart
Built-For-Profiles: noudeb
Architecture: source
Version: 2.2-2ubuntu1
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
Changes:
json-smart (2.2-2ubuntu1) lunar; urgency=medium
.
* SECURITY UPDATE: DoS caused by unclosed quotes
- debian/patches/0004-CVE-2021-31684-Fix-indexOf.patch:
set right control variable for the indexOf function
in json-smart/src/main/java/net/minidev/json/
parser/JSONParserByteArray.java.
- CVE-2021-31684
* SECURITY UPDATE: DoS caused by uncontrolled nesting
- debian/patches/0005-CVE-2023-1370-stack-overflow-due-to-
excessive-recurs.patch: add limit for nested depth when processing
"{" or "[" in
json-smart/src/main/java/net/minidev/json/parser/JSONParserBase.java,
json-smart/src/main/java/net/minidev/json/parser/ParseException.java,
and json-smart/src/test/java/net/minidev/json/test/TestOverflow.java.
- CVE-2023-1370
Checksums-Sha1:
5d8b5c16975dfcdd2a7218b4f5173010ff6ccfe4 2148 json-smart_2.2-2ubuntu1.dsc
f9575a8ddf5120f4dcfd02071abab9c508dab9cc 6072 json-smart_2.2-2ubuntu1.debian.tar.xz
8a25ccb537f099f83163d75cff4f4c10c0227010 14180 json-smart_2.2-2ubuntu1_source.buildinfo
Checksums-Sha256:
fea46bdbbb0e74126b9aec445fdfd4babcb345b10832e85d271794eb3f646216 2148 json-smart_2.2-2ubuntu1.dsc
cd98abfdf5fc816c635d00c649658ef3c827108565c3e9a7901c92224c2c6950 6072 json-smart_2.2-2ubuntu1.debian.tar.xz
48647d15a634fcdf95e017e8e78889bd326f51d70d348b6a6fbefd197269e4bd 14180 json-smart_2.2-2ubuntu1_source.buildinfo
Files:
f30d27ed3b22d39c7087c3008e2b7fd3 2148 java optional json-smart_2.2-2ubuntu1.dsc
9deafc72c1dfe76352b9b03affe63c2b 6072 java optional json-smart_2.2-2ubuntu1.debian.tar.xz
ace94086f6182d61d8bb4281e61f488b 14180 java optional json-smart_2.2-2ubuntu1_source.buildinfo
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
More information about the lunar-changes
mailing list