Your message dated Sat, 14 Jun 2025 10:34:37 +0000
with message-id <[email protected]>
and subject line Bug#1103687: fixed in cjson 1.7.18-3.1
has caused the Debian Bug report #1103687,
regarding cjson: CVE-2023-26819
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1103687: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103687
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cjson
Version: 1.7.18-3
Severity: normal
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for cjson.

CVE-2023-26819[0]:
| cJSON 1.7.15 might allow a denial of service via a crafted JSON
| document such as {"a": true, "b": [ null,999999999999999999999999999
| 9999999999999999999912345678901234567]}.

[1] contains a reproducer, not sure if the problem has been reported
upstream.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-26819
    https://www.cve.org/CVERecord?id=CVE-2023-26819
[1] https://github.com/boofish/json_bugs/tree/main/cjson

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: cjson
Source-Version: 1.7.18-3.1
Done: Adrian Bunk <[email protected]>

We believe that the bug you reported is fixed in the latest version of
cjson, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated cjson package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 13 Jun 2025 19:02:53 +0300
Source: cjson
Architecture: source
Version: 1.7.18-3.1
Distribution: unstable
Urgency: medium
Maintainer: Maytham Alsudany <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1103687
Changes:
 cjson (1.7.18-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2023-26819: rejection of valid texts (Closes: #1103687)
Checksums-Sha1:
 f1ac032ab0f8c0b2764e50e7ea29ecc58993a714 1942 cjson_1.7.18-3.1.dsc
 df63502f8835ab531f5549bf063d6698592eba93 6724 cjson_1.7.18-3.1.debian.tar.xz
Checksums-Sha256:
 3f0c86de4444edd6ef4d8f8c0f82569950cc08df9cdb4b487da9e724836bd655 1942 cjson_1.7.18-3.1.dsc
 e8a19c26aa6da1f38f621383a20ab044adc9b09b45d30cbc41c7d89e0a5b77ef 6724 cjson_1.7.18-3.1.debian.tar.xz
Files:
 22f854c9f25308a0a8a374a84ab32c3c 1942 libs optional cjson_1.7.18-3.1.dsc
 ff9b859318fe4732fab6b0d97e193f64 6724 libs optional cjson_1.7.18-3.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
