Your message dated Mon, 15 Sep 2025 20:32:28 +0000
with message-id <[email protected]>
and subject line Bug#1114757: fixed in cjson 1.7.15-1+deb12u4
has caused the Debian Bug report #1114757,
regarding cjson: CVE-2025-57052
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1114757: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114757
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cjson
Version: 1.7.18-3.1, 1.7.15-1+deb12u3, 1.7.14-1+deb11u1, 1.7.14-1+deb11u2
Severity: important
Tags: security
CVE-ID: CVE-2025-57052
Hi,
The following vulnerability was published for cjson.
CVE-2025-57052:
allows out-of-bounds access via the decode_array_index_from_pointer function in
cJSON_Utils.c
For further information see:
https://security-tracker.debian.org/tracker/CVE-2025-57052
https://x-0r.com/posts/cJSON-Array-Index-Parsing-Vulnerability
Regards,
Syeda Shagufta Naaz
--- End Message ---
--- Begin Message ---
Source: cjson
Source-Version: 1.7.15-1+deb12u4
Done: Moritz Mühlenhoff <[email protected]>
We believe that the bug you reported is fixed in the latest version of
cjson, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated cjson package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 12 Sep 2025 00:15:27 +0200
Source: cjson
Architecture: source
Version: 1.7.15-1+deb12u4
Distribution: bookworm-security
Urgency: medium
Maintainer: Boyuan Yang <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1114757
Changes:
cjson (1.7.15-1+deb12u4) bookworm-security; urgency=medium
.
* CVE-2025-57052 (Closes: #1114757)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---