Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-ujson for openSUSE:Factory checked in at 2022-07-09 17:02:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-ujson (Old)
 and /work/SRC/openSUSE:Factory/.python-ujson.new.1523 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-ujson" Sat Jul 9 17:02:54 2022 rev:15 rq:987903 version:5.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-ujson/python-ujson.changes 2022-05-25 20:35:58.532345974 +0200 +++ /work/SRC/openSUSE:Factory/.python-ujson.new.1523/python-ujson.changes 2022-07-09 17:05:22.780918988 +0200 @@ -1,0 +2,11 @@ +Fri Jul 8 11:55:32 UTC 2022 - Dirk M??ller <dmuel...@suse.com> + +- update to 5.4.0 (CVE-2022-31116, bsc#1201255, CVE-2022-31117, bsc#1201254): + * Replace wchar_t string decoding implementation with a uint32_t-based one + * Fix handling of surrogates on decoding + * CVE-2022-31117: Potential double free of buffer during string decoding + * Fix memory leak on encoding errors when the buffer was resized + * Integer parsing: always detect overflows + * Fix handling of surrogates on encoding + +------------------------------------------------------------------- Old: ---- ujson-5.3.0.tar.gz New: ---- ujson-5.4.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-ujson.spec ++++++ --- /var/tmp/diff_new_pack.5lUEag/_old 2022-07-09 17:05:23.308919489 +0200 +++ /var/tmp/diff_new_pack.5lUEag/_new 2022-07-09 17:05:23.312919493 +0200 @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python3-%{**}} %define skip_python2 1 Name: python-ujson -Version: 5.3.0 +Version: 5.4.0 Release: 0 Summary: JSON encoder and decoder for Python License: BSD-3-Clause ++++++ ujson-5.3.0.tar.gz -> ujson-5.4.0.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-ujson/ujson-5.3.0.tar.gz /work/SRC/openSUSE:Factory/.python-ujson.new.1523/ujson-5.4.0.tar.gz differ: char 5, line 1
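Review bot: In the python-ujson.changes hunk, the header line cites both CVE-2022-31116 and CVE-2022-31117, but only the "Potential double free of buffer during string decoding" bullet carries a CVE tag, so nothing in the entry says which change addresses CVE-2022-31116. Tag the bullet that fixes it the same way ("* CVE-2022-31116: ...") so that bsc#1201255 can be matched to a concrete change. The author name in the same entry shows as "M??ller"; if that is also how it is stored in the .changes file, restore the non-ASCII character there.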
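Review bot: In the python-ujson.spec hunk and the tarball comparison that follows it, the only reviewable change is the Version bump from 5.3.0 to 5.4.0, while the source swap is reported just as "differ: char 5, line 1". Since this update is submitted for two CVE fixes, confirm that ujson-5.4.0.tar.gz matches the upstream release before accepting, and state in the request how that was verified.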