Accepted yajl 2.1.0-3+deb11u2 (source) into oldstable-proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted yajl 2.1.0-3+deb11u2 (source) into oldstable-proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 24 Jul 2023 16:32:24 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: yajl_2.1.0-3+deb11u2_source.changes
- Debian-source: yajl
- Debian-suite: oldstable-proposed-updates
- Debian-version: 2.1.0-3+deb11u2
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qNyTw-00Cb9N-Ow@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 11 Jul 2023 19:55:30 +0200
Source: yajl
Architecture: source
Version: 2.1.0-3+deb11u2
Distribution: bullseye
Urgency: medium
Maintainer: John Stamp <jstamp@users.sourceforge.net>
Changed-By: Tobias Frost <tobi@debian.org>
Closes: 1039984 1040036
Changes:
yajl (2.1.0-3+deb11u2) bullseye; urgency=medium
.
[Tobias Frost]
* Non-maintainer upload.
* Cherry pick John's CVE fixes from 2.1.0-4 and 2.1.0-5:
  - CVE-2017-16516: Potential denial of service with crafted JSON
    file
  - CVE-2022-24795: integer overflow which leads to subsequent heap
    memory corruption when dealing with large (~2GB) inputs.
  - CVE-2023-33460: memory leak which potentially can lead to an
    out-of-memory situation and cause a crash.
.
[John Stamp]
* Patch CVE-2017-16516 and CVE-2022-24795 (Closes: #1040036)
* The patch for CVE-2023-33460 turned out to be incomplete. Fix that. (Closes: #1039984)
Checksums-Sha1:
aac9ad12d9a96cf7f143dd2519d8eabde9f8ffd0 1980 yajl_2.1.0-3+deb11u2.dsc
ef79354e2721a96be367b8e809baead570c12924 7052 yajl_2.1.0-3+deb11u2.debian.tar.xz
c76501121b4057271c957f2bbed9cf512dbf2726 8644 yajl_2.1.0-3+deb11u2_amd64.buildinfo
Checksums-Sha256:
2ba7f52774411086f7f082cdd7e7928f081216aa596c9660b5ad3de9ba875711 1980 yajl_2.1.0-3+deb11u2.dsc
e942586d6f7990304843050d50d843734fd608f0a3f6b48660972cd93e888799 7052 yajl_2.1.0-3+deb11u2.debian.tar.xz
73ca068f275aee58fc338772cc6106e7e8110a2f47a2d74f52d8e29813920da3 8644 yajl_2.1.0-3+deb11u2_amd64.buildinfo
Files:
d8b1bc027f7e03ec2b13bf0029407b94 1980 libs optional yajl_2.1.0-3+deb11u2.dsc
148b03e929b561f70bfe86cc01b91eb3 7052 libs optional yajl_2.1.0-3+deb11u2.debian.tar.xz
29a846e44b783f13c0055245aa20ccbc 8644 libs optional yajl_2.1.0-3+deb11u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----