Accepted json-smart 2.2-2+deb10u1 (source) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted json-smart 2.2-2+deb10u1 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 30 Mar 2023 15:40:18 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: json-smart_2.2-2+deb10u1_source.changes
- Debian-source: json-smart
- Debian-suite: oldstable
- Debian-version: 2.2-2+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=A00snLwdP6DLaIykcVVEMcZO1eY5uIwmaXZAoe9tEFc=; b=MTIXPqj5O8L/TWxXYisbAi0mA0 1oJDq6h7hAUgrluloVQTBlPjYW3k5D0rNeWPRjN1oGCzAeZqVjlpwdAl/zAnx6CbDvQ2ur33Bxj5X o47OufXlzy91WcE8rrfbXn+K8GRrP8G3wLaaxWUACn71kn59SAeZMwlz6hEom8ShbfY3992zgwVit FI84jPvabqI5+UeEFbmvBx0nd09QRVlxRx+Csd2m0/1gsJdQUMNtjI6wi0lwIjHszAnxVlpw7TWmO TNZTRSx5dsaKqQMlNuW5opreLgNIlUsObuBZttJitODyAG3HU/3C4+p5zbHAqBhXqYi8YfGjNrc8k BBm2Ca2A==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1phuNu-008hFC-SK@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 29 Mar 2023 22:21:33 +0000
Source: json-smart
Architecture: source
Version: 2.2-2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1033474
Changes:
json-smart (2.2-2+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* CVE-2023-1370: stack overflow due to excessive recursion
When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code
parses an array or an object respectively. It was discovered that the
code does not have any limit to the nesting of such arrays or
objects. Since the parsing of nested arrays and objects is done
recursively, nesting too many of them can cause a stack exhaustion
(stack overflow) and crash the software. (Closes: #1033474)
* CVE-2021-31684: Fix indexOf
A vulnerability was discovered in the indexOf function of
JSONParserByteArray in JSON Smart versions 1.3 and 2.4
which causes a denial of service (DOS)
via a crafted web request.
Checksums-Sha1:
d2b964319b6af7b5872a4c1f195d9cdc8e0152b6 2098 json-smart_2.2-2+deb10u1.dsc
f0c43af8a511588667e1303db1121a63b49c8410 59112 json-smart_2.2.orig.tar.gz
021fb7e556f072043536705d6a264ddebe9cc7e4 6068 json-smart_2.2-2+deb10u1.debian.tar.xz
a4c291f47fcce4cd70ff9f779a5bde6f8c8c7c2c 13184 json-smart_2.2-2+deb10u1_amd64.buildinfo
Checksums-Sha256:
0ff2e2498d0103fe031d3c313a4386465d82672e10a0a1312a7cde64cd8ba109 2098 json-smart_2.2-2+deb10u1.dsc
ce68b5b0e51babe4bee19a9b56ceb6737e099ca669acd5da500bf011e9ac7150 59112 json-smart_2.2.orig.tar.gz
f4c30776d8611ef637ba4baff4f364d80d76b3625508065febf123b84eae164b 6068 json-smart_2.2-2+deb10u1.debian.tar.xz
cd4a11890e3af9194f8c1126dd266a827be60e5623f636799c070b783ad90b2c 13184 json-smart_2.2-2+deb10u1_amd64.buildinfo
Files:
c9336fe198ca23e143b45a7317bdce17 2098 java optional json-smart_2.2-2+deb10u1.dsc
4bbc546dc5563dfe957837a70269c43a 59112 java optional json-smart_2.2.orig.tar.gz
9601bd7ea0016b448ca6bf0c87bba71c 6068 java optional json-smart_2.2-2+deb10u1.debian.tar.xz
9bb437306d6743d90d3910c7cad9ae3b 13184 java optional json-smart_2.2-2+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmQlqf4RHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF9kuA/+JzthE/O0j5bMztAxDwCrTg1M4X1Nb56p
PyFDB/fRzqmj7OjaXFQyExafnbp1AjAJSw0h/Q4zt7AFLcF17Z7yWzGSlIrr95Fy
75cfu8MtIKjp73vtAVYbYZr7+9JRCIICPaGLF7hlPnBhJTvdJjOCBReSgXXvGQnG
XgrfNjaiCSxBnM/1kNiIbP7U4FF3gP2AQztvOr8v7ZZ2oBfop+CI/Y6uPqX8+a1J
NnmqZg5wF2ombza1F4fv9dgrL5+NbWotgEyN+eBZI0PFCIzHk+nNahTFnYuo1usB
rXo7F55ex7XscuUXrRSoCpiDV6DizVZd3pwVBgY2W/FOhIJvdtKCmqQ8bw4rknBZ
FIy8RxAQMjkjcfHKw9cY085UkXmL+aVtZ7Bkfl4eoe8v9lG2ZONCgK0rLUoKGQ3n
J1YWPPwcfWusRiONx42ThyWqwg1fi4v+RqB3kKeB/+kHaJFor5drqyojCR/swdEf
Pek/t35OP5j5ucaLUQz8t/859O5gNMWqhTTO/7Xkr/v93Ty2bwWKjS/D/d663MTD
tSh3acyV96XzXV/6r7E/fvTD3CGJrfK2wTzsnPAgqi/RoakLhcmHdVoBBj8G/ghm
/FTA+OzpUJpbHZvgiGZeHsSaEnb8wE7G0fV+AmNdtCh3GqeaaLmL3nSrXFrSAmyu
QoJTACeiyso=
=idKb
-----END PGP SIGNATURE-----