Control: severity 1040163 grave
Control: tags 1040163 security

I've re-checked the status on xqilla:

It embeds a very old yajl library (older than 0.4.0), which is not
affected by the mentioned CVEs; however, it is very likely affected by
other problems, for example:

https://github.com/lloyd/yajl/issues/206 (double free)
https://github.com/lloyd/yajl/issues/204 (Uninitialized memory reads and out-of-bound)

I'm going to close this bug, but will raise the severity of #1040163, as
this needs to be investigated before trixie.

-- 
tobi
