-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 21 May 2024 01:38:17 +0200 Source: json-smart Architecture: source Version: 2.2-2+deb12u1 Distribution: bookworm Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Andreas Beckmann <anbe@debian.org> Closes: 1033474 1039985 Changes: json-smart (2.2-2+deb12u1) bookworm; urgency=medium . * Non-maintainer upload. * Rebuild for bookworm. (Closes: #1039985) . json-smart (2.2-2+deb11u1) bullseye; urgency=medium . * Non-maintainer upload. * Rebuild for bullseye. (Closes: #1039985) . json-smart (2.2-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS team. * CVE-2023-1370: stack overflow due to excessive recursion When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software. (Closes: #1033474) * CVE-2021-31684: Fix indexOf A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request. Checksums-Sha1: 12681d4e9c2c27df8f9718e32016c0d3c2c26612 2094 json-smart_2.2-2+deb12u1.dsc d24ee7eb59c736c27660c883174505eff555c03f 6084 json-smart_2.2-2+deb12u1.debian.tar.xz e97b106e3c62f18fa1494eb96ccaf52cbf204e14 13530 json-smart_2.2-2+deb12u1_source.buildinfo Checksums-Sha256: 15b8c906664ee685e52457c5c4bbed7307af2c260e752f8e38116c087a531762 2094 json-smart_2.2-2+deb12u1.dsc 7531fa48b62df60b301e81028cc6e8720860f3fd3de497ae7411c05372adcd8c 6084 json-smart_2.2-2+deb12u1.debian.tar.xz bd894ea54f17c978a2cc3ab2c06136eabc4802011d2ba77138ab1f60ea5cd290 13530 json-smart_2.2-2+deb12u1_source.buildinfo Files: 0f1ace273a9c8ed099a0287c017234d8 2094 java optional json-smart_2.2-2+deb12u1.dsc e0e77dba4e8b8de32567cec66b70f1d6 6084 java optional json-smart_2.2-2+deb12u1.debian.tar.xz 9e2245afa710a74a0062f242ef7bd0d7 13530 java optional json-smart_2.2-2+deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmZL4O8QHGFuYmVAZGVi aWFuLm9yZwAKCRBfsz+TWentCDYvEACEo797w2S+eqfEtdwkSE9c73Bpes/Plshx 1IEhukDTPNPhEz6c6MZ6Io8zewcIiPo9nh93c12uwzRsJb2CeD2HgX40ZTrxnMR8 IgZ56xH1gAuSra99K2/4cH6fnrVIpD2BkQfCTP8LkeGYXUHUizA2ZkN707lG+V4h BKSS/WoMDX6uBdz1WqDiciW7hbyq+7wtVcJbRPYUn2ZKzpSu8W7ENV9KT6DRs/RM D5a+cKobO7LHSFAipm1CSqjKs6osCy9fYaRL4CZZX3MKajIscWU01NPJ/fYz3td9 EuhXjxJz2LDFodAcRZhTu0JNNP0FPyD7SYnoc2LbkAalZihvPq38a/SnCHyZnlKv WNxD9oEbyepf+uvWp1DMhE1VDZO0zLvLu9xzX9NTQif6h1vXnlPXpmoKGT1KqDjM n2Uy1ZiINY2vZxLYPRKmiRtzCt83zCgmGV/m2rMDhGhfzd5VZntfnZ9YgqsyyHt+ uH/4soelXn3E+rDSGdV6KdXzCA5iEjrX8i6gIGNKRARtTFAYe//Qvv2cOrzSOZPS U9nxk9mqwR5O/ZuDMVmMX9yH/joGyqKZMd05FpTA/ArBhf2KHE9mqMuK7tJ1cSuW r9avVNNPIbWGc2XQtsgDRo7AnPnX7iGU2DMQDX0a5NxONOiWJlGiCapb7553WPrf uwT4umOGGA== =XJ9L -----END PGP SIGNATURE-----