Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted json-smart 2.2-3 (source) into unstable
Date: Sat, 13 Apr 2024 18:56:44 +0000
Signed by: Bastien ROUCARIÈS <rouca@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 13 Apr 2024 14:43:01 +0000
Source: json-smart
Architecture: source
Version: 2.2-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1033474
Changes:
 json-smart (2.2-3) unstable; urgency=medium
 .
   * Team upload
   * Add watch file
   * Fix CVE-2023-1370: When reaching a ‘[‘ or ‘{‘ character
     in the JSON input, the code parses an array or
     an object respectively. It was discovered that the
     code does not have any limit to the nesting of such arrays
     or objects. Since the parsing of nested arrays and objects is
     done recursively, nesting too many of them can cause
     a stack exhaustion (stack overflow) and crash the software.
     (Closes: #1033474)
   * Use compat level 13
   * Bump policy to 4.7.7
   * Add salsa-CI
Checksums-Sha1:
 9382d735a0c6eb22fe6f440f87370d7815071501 1999 json-smart_2.2-3.dsc
 2b9020109eec357581c68d20c786ede3d62097f6 5740 json-smart_2.2-3.debian.tar.xz
 92a1016f504df1de1c331ba2dfab33b8b93c035e 14934 json-smart_2.2-3_amd64.buildinfo
Checksums-Sha256:
 dcd3ef598ec1fcab84429c966d3e831e7b683f96dc981d06c38af4a6d1522894 1999 json-smart_2.2-3.dsc
 da2e03d8383aa613e0395796e20269fd40e0b030d0be9faae510ade8d6f3607d 5740 json-smart_2.2-3.debian.tar.xz
 e55bf71b35e5f316a01af4e2d5a63f57144d07276c3a4989eba670b348b7219d 14934 json-smart_2.2-3_amd64.buildinfo
Files:
 c3491d3a9c1180b3aa47e385cf70628a 1999 java optional json-smart_2.2-3.dsc
 700b6ba60861609cec67f5fd7488f663 5740 java optional json-smart_2.2-3.debian.tar.xz
 e15cd953d4cc385530cb25081bf9a02b 14934 java optional json-smart_2.2-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmYazPwRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF/mGA/9FFGCBY8h2TFb9okdeQ362m0KEvYwS+VT
aBLB0UOoxDLsqKRqMwUi1A7qahBZ78MKSCiyM10CMdPx7vUl3s/F7ELdk72gK29g
uzK+XgrSGxDy8s/Vi2zGEgzoxSbBQG2fOLyqScUQDk24ihpFSVztU03EIvxJWs5L
ZyhuNRGtnKwVN9qzbYS4ZQgYsDBJvDLt9XAZDopPRwy7rDcZQKy/h5KjO26+SW2x
Ppg1PS8bDHqBQ+Gu1YmAhQKihHNtzYXEklrAiYwaklIakWq56mCA0dIEGuij6WmP
F6vZs54hLATHHUIQaZzylKnlpAYHCml3X7iYTcqRKiuIbr35Dt5ubFd/GJfadsxG
ucnhHwIoCoWqrGlRkfaYOSeuuGbaGtdJbpeAbWHRFYJHrATcBxXi81PZanEnyNiB
D8+1i/qFOwltYkVcPoBDd4swmVYh4OXJTJ/o6ITVvk+HgwMfPhlI8QFUT/tWed3W
6bF/LIzzSDwp4VnWKFLZb0BdLP2jBe5U9NdVirCufK4SkWkW8RU8ZRjRqXJZPrFM
qtFu4QKTaS1LhtYavj3RkUQn1eB/O7f2qLepaM9dadfGfcLwubQbN03sKGFH1Lp1
QsxKccyUot+V4cJNvTRDPj8vzr0S8Qe9E85y7Oak2blIQOLhUMaZduo/lRm12gyy
E6iJIj0GCJ8=
=ahmj
-----END PGP SIGNATURE-----

News for package json-smart