There are 2 open security issues in bookworm.
2 issues left for the package maintainer to handle:
- CVE-2023-5072 (needs triaging):
  Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
- CVE-2024-47855 (needs triaging):
  util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
You can find information about how to handle these issues in the security team's documentation.