Debian Package Tracker

r-cran-jsonlite

Robust, High Performance JSON Parser and Generator for R


general
  • source: r-cran-jsonlite (main)
  • version: 1.9.1+dfsg-1
  • maintainer: Debian R Packages Maintainers (archive) (DMD) (LowNMU)
  • uploaders: Chris Lawrence [DMD]
  • arch: any
  • std-ver: 4.7.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.6+dfsg-1
  • oldstable: 1.7.2+dfsg-1
  • stable: 1.8.4+dfsg-1
  • testing: 1.9.1+dfsg-1
  • unstable: 1.9.1+dfsg-1
versioned links
  • 1.6+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.7.2+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.8.4+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.9.1+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • r-cran-jsonlite
action needed
A new upstream version is available: 2.0.0 high
A new upstream version 2.0.0 is available, you should consider packaging it.
Created: 2025-03-31 Last update: 2025-05-17 15:00
lintian reports 1 error high
Lintian reports 1 error about this package. You should make the package lintian clean by getting rid of it.
Created: 2024-02-28 Last update: 2025-04-10 14:01
3 low-priority security issues in bookworm low

There are 3 open security issues in bookworm.

3 issues left for the package maintainer to handle:
  • CVE-2017-16516: (needs triaging) In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.
  • CVE-2022-24795: (needs triaging) yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.
  • CVE-2023-33460: (needs triaging) There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function, which will cause out-of-memory in server and cause crash.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-07-22 Last update: 2025-03-22 04:01
Build log checks report 1 warning low
Build log checks report 1 warning
Created: 2017-10-26 Last update: 2017-10-26 07:22
news
[rss feed]
  • [2025-03-22] r-cran-jsonlite 1.9.1+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2025-03-07] Accepted r-cran-jsonlite 1.9.1+dfsg-1 (source) into unstable (Charles Plessy)
  • [2024-10-04] r-cran-jsonlite 1.8.9+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2024-10-02] Accepted r-cran-jsonlite 1.8.9+dfsg-1 (source) into unstable (Charles Plessy)
  • [2023-12-08] r-cran-jsonlite 1.8.8+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2023-12-05] Accepted r-cran-jsonlite 1.8.8+dfsg-1 (source) into unstable (Andreas Tille)
  • [2023-08-27] r-cran-jsonlite 1.8.7+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2023-08-25] Accepted r-cran-jsonlite 1.8.7+dfsg-1 (source) into unstable (Andreas Tille)
  • [2023-07-21] r-cran-jsonlite 1.8.5+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2023-06-23] Accepted r-cran-jsonlite 1.8.5+dfsg-1 (source) into unstable (Andreas Tille)
  • [2022-12-11] r-cran-jsonlite 1.8.4+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-12-09] Accepted r-cran-jsonlite 1.8.4+dfsg-1 (source) into unstable (Andreas Tille)
  • [2022-10-28] r-cran-jsonlite 1.8.3+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-10-25] Accepted r-cran-jsonlite 1.8.3+dfsg-1 (source) into unstable (Andreas Tille)
  • [2022-10-11] r-cran-jsonlite 1.8.2+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-10-08] Accepted r-cran-jsonlite 1.8.2+dfsg-1 (source) into unstable (Andreas Tille)
  • [2022-03-12] r-cran-jsonlite 1.8.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-03-09] Accepted r-cran-jsonlite 1.8.0+dfsg-1 (source) into unstable (Andreas Tille)
  • [2022-01-25] r-cran-jsonlite 1.7.3+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-01-23] Accepted r-cran-jsonlite 1.7.3+dfsg-1 (source) into unstable (Nilesh Patra)
  • [2020-12-13] r-cran-jsonlite 1.7.2+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-12-10] Accepted r-cran-jsonlite 1.7.2+dfsg-1 (source) into unstable (Nilesh Patra)
  • [2020-09-23] r-cran-jsonlite 1.7.1+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-09-21] Accepted r-cran-jsonlite 1.7.1+dfsg-1 (source) into unstable (Andreas Tille)
  • [2020-07-03] r-cran-jsonlite 1.7.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-07-01] Accepted r-cran-jsonlite 1.7.0+dfsg-1 (source) into unstable (Dylan Aïssi)
  • [2020-02-13] r-cran-jsonlite 1.6.1+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-02-10] Accepted r-cran-jsonlite 1.6.1+dfsg-1 (source) into unstable (Dylan Aïssi)
  • [2019-05-07] Accepted r-cran-jsonlite 1.6+dfsg-1~bpo9+1 (source amd64) into stretch-backports->backports-policy, stretch-backports (Andreas Tille)
bugs [bug history graph]
  • all: 1
  • RC: 0
  • I&N: 1
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (1, 0)
  • buildd: logs, checks, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • screenshots
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 1.9.1+dfsg-1
