-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 16 Feb 2025 15:47:20 +0100 Source: json-smart Architecture: source Version: 2.5.2-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Pierre Gruet <pgt@debian.org> Closes: 1095839 Changes: json-smart (2.5.2-1) unstable; urgency=medium . * New upstream version 2.5.2: - Fixes CVE-2024-57699: A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370. (Closes: #1095839) * Refreshing patches Checksums-Sha1: 997e15d57d777565cec23d313138c5c86390bea1 2038 json-smart_2.5.2-1.dsc 7433e91569daf45e8448920de6b8465aa773f27a 91770 json-smart_2.5.2.orig.tar.gz e1e021a5517c8d825e9cd2629f0c591b16662007 6900 json-smart_2.5.2-1.debian.tar.xz ac64f4a90d3f1dc58b900d6e2f3deaa229b3b546 14252 json-smart_2.5.2-1_source.buildinfo Checksums-Sha256: 2f7f9f79e793d5130671723d8d4eda1f82f4a7bb2274a3485e1b3eeef72a73f5 2038 json-smart_2.5.2-1.dsc fdd9d445ca912f38fc3f8c18bf451f3be6a506c02761300521a38fd420f48dc7 91770 json-smart_2.5.2.orig.tar.gz 6e83bbeac4939f0982ab07c38795a643b69507b95f149c29bd2a5c6667a3bd2f 6900 json-smart_2.5.2-1.debian.tar.xz 24c67e149ffc53d53f9b2b20afcd89227ad562259f0e70e75c6b6c5d3a3906d6 14252 json-smart_2.5.2-1_source.buildinfo Files: a68310590422a15a15945cea22f2d64c 2038 java optional json-smart_2.5.2-1.dsc 97170ac40ca0675f75ac27a958d9b5d3 91770 java optional json-smart_2.5.2.orig.tar.gz e8f00c77d47b88362b186822c383d740 6900 java optional json-smart_2.5.2-1.debian.tar.xz 2ac31ee30c6d74e9edf7461002bffa99 14252 java optional json-smart_2.5.2-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmex+yMACgkQYAMWptwn dHZuqg/5Aa+WO6FoZplqHtPmrwSy/1CPWkrw3QKXzPYEYEZDM0mm7YEmzbhRX/0A XTQfiyF1GOoq85/SdijKBVUhijiRoz78slvlkhQkzs7/8H4TezqLN/MByT+Tm0aD q+I6ducI+gDbft+ADAQWnSlb9bNR9g0tKmYomIHWk+1fpMf95J/MNWNCM1phPIIr W/mOiLLWZSNoArmdCDTye4/gNUFYZCDaiSQEqf1E/Ckf3uO8WAKOIcZfWNWDqzGY iXVKXsHEVWxO0dE88w7JP3SlOVn1gYIYYEYfeQMzVi5dDc0LzuTfdnDjxxk6zEi1 WUtSnfVWlmfzHpekrl6Foe2fWCaIWehHqyePTDBGasym7HIs7sEue+rw53FhqkLs mU9tYcm5voTpM43wCzhAs0bSZbrl8plnA/Wmh358uD4DoKoXyTdTWiz5FMjut/rX kMfKmP5j5HI79E720hpxHipzq23YiWXKw/NVPdlt3NPoFmXYtoJ2rf2AGCd7zruy h3w0efnhs+aO45G4cA231njNQmL+djJDbLD5L/dtm0zv/2ZQkfGMhpURaTpdn7iB d/vZd5WOZV8+KjJmstCcNO70gzAgROj5EWBaz9+Yhb9kNf6rk+v1aapaTYViksNt EYjif92/wQu3MiFjZxdqKuq1sjb0ExIZH7ppPhhc9s04aPXw/qc= =VuLq -----END PGP SIGNATURE-----
