golang-github-tidwall-gjson - Debian Package Tracker

A new upstream version is available: 1.9.0 high

A new upstream version 1.9.0 is available, you should consider packaging it.

Created: 2021-01-31 Last update: 2021-09-17 01:06

3 security issues in buster high

1 important issue:

CVE-2020-35380: GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.

2 issues left for the package maintainer to handle:

CVE-2020-36066: (needs triaging) GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.
CVE-2020-36067: (needs triaging) GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-08-15 00:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.0 instead of 4.5.1).

Created: 2021-08-18 Last update: 2021-08-18 14:02