Bug#1123602: marked as done (cjson: New upstream release 1.7.19 (Sep 9, 2025))

[Debian Bug Tracking System]

Your message dated Thu, 08 Jan 2026 09:48:31 +0000
with message-id <e1vdmd5-0000000acw2-2...@fasolo.debian.org>
and subject line Bug#1123602: fixed in cjson 1.7.19-1
has caused the Debian Bug report #1123602,
regarding cjson: New upstream release 1.7.19 (Sep 9, 2025)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1123602: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123602
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: cjson
Version: 1.7.18-4
Severity: wishlist

Dear maintainer,

just filing separately what I previously mentioned in
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112781#21>:

There is a new upstream release at
<https://github.com/DaveGamble/cJSON/releases/tag/v1.7.19>, which also
contains the fix for CVE-2025-57052, i.e. it fixes the incorrect check
in decode_array_index_from_pointer, cf.
<https://sources.debian.org/src/cjson/1.7.18-3.1%2Bdeb13u1/debian/patches/CVE-2025-57052.patch->
and <https://github.com/DaveGamble/cJSON/pull/957>.

Its list of fixes contains:

- Fix indentation (should use spaces), see #814
- Fix spelling errors found by CodeSpell, see #841
- Check for NULL in cJSON_DetachItemViaPointer, fixes #882, see #886
- Fix #881, check overlap before calling strcpy in cJSON_SetValuestring, see 
#885
- Fix #880 Max recursion depth for cJSON_Duplicate to prevent stack exhaustion, 
see #888
- Allocate memory for the temporary buffer when paring numbers, see #939
- fix the incorrect check in decode_array_index_from_pointer, see #957

Please package this when you think it is due time.

Cheers,
Flo

signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

Source: cjson
Source-Version: 1.7.19-1
Done: Maytham Alsudany <mayt...@debian.org>

We believe that the bug you reported is fixed in the latest version of
cjson, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1123...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Maytham Alsudany <mayt...@debian.org> (supplier of updated cjson package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 08 Jan 2026 17:10:58 +0800
Source: cjson
Architecture: source
Version: 1.7.19-1
Distribution: unstable
Urgency: medium
Maintainer: Maytham Alsudany <mayt...@debian.org>
Changed-By: Maytham Alsudany <mayt...@debian.org>
Closes: 1123602
Changes:
 cjson (1.7.19-1) unstable; urgency=medium
 .
   * New upstream version 1.7.19 (Closes: #1123602)
   * Update patches
   * Bump Standards-Version to 4.7.3
Checksums-Sha1:
 606bbf83d43fbefccce0cf80132f95cbe3db87f2 1929 cjson_1.7.19-1.dsc
 e66ddd2f99fd321ab53a694e6c74698eb987d056 356247 cjson_1.7.19.orig.tar.gz
 5ef13129a4ff481b822991e804bca84eae205e23 5452 cjson_1.7.19-1.debian.tar.xz
 f7378f9f6425411ff82179f6fc4d7bfaf7716c49 7255 cjson_1.7.19-1_amd64.buildinfo
Checksums-Sha256:
 297ee8981e6d0c13dca77910111b7266b527d96a5ddda36316667d282ea60136 1929 
cjson_1.7.19-1.dsc
 7fa616e3046edfa7a28a32d5f9eacfd23f92900fe1f8ccd988c1662f30454562 356247 
cjson_1.7.19.orig.tar.gz
 5eedd9196c81cea947c9096ca82ac3af0195f9ac2b06dd3f8ac33a7281a2acaa 5452 
cjson_1.7.19-1.debian.tar.xz
 7ed7dd824e65b3f0f6628e162bc4382e87fc1425b211ab4627f7d7ec7ef275ee 7255 
cjson_1.7.19-1_amd64.buildinfo
Files:
 cc1c9369149cd2741ebb08939dd42d1f 1929 libs optional cjson_1.7.19-1.dsc
 60d39f4f639a90907b305b36727430e1 356247 libs optional cjson_1.7.19.orig.tar.gz
 f75c5b2442dad0ddab854b4125246202 5452 libs optional 
cjson_1.7.19-1.debian.tar.xz
 d3ffda1f6d8b28dbca42332c6cb80f79 7255 libs optional 
cjson_1.7.19-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEESl/RzRFQh8wD3DXB1ZeJcgbF8H8FAmlfeCsACgkQ1ZeJcgbF
8H/LnA/+OftASy1jEq38YkY5AdAHit9HlfInwu+LgJfxqG1JTDyX96CsLbrn8Stq
J7WijJXG/7DHHKR+ytzdPKeuwy3FnHJJ5JEEcqg9CgzOVLM0WQgZ7nftJ4LMdkeb
Gt5YUNSPTpwxrlmJTwnQzKLr/zpmCyXJNMrupPWvJ1MU/fnhM2XWLhndczyjm+jB
ocGTx2h7wvbXDwDB1ZssVcZNoVdEa1CM63c1/tLcCwABKrygGP1jC3Aw/qkn37tF
t3FQKWRih5HgsSHcys5In5Sf5FHQuTu0ikzrtqT91QZS9p4UZnttY1ru5uKhB08Q
2I8alaOXjI5EfYwA6Sc1MZRu2ZndO9S/n6ZG+Qx/ewc3XvcZ3L7spW0HHpVT50UM
caot/aDAqDKQvXKpccaFxGESUhwWUb4rRxMomr+GBcr/lvXC9BGucW4b2UtNAmZ4
WlXeIZ/yleeTXxD8mCh1KRw4luESSBN5hrfZaKIkoGD9J4ACX8UpBJTQ9KBF/q8j
+UoSN177zj0eYxxatV30vEPsEmFzUIr9dxKYgTzkZuekQXv8feLM/rv4dk2WqsTe
K6tFdYSXblxdUHM/NQixXTca/xwgNXXrwK0hnvsmtDIxjtRLwDLYPBMR3PUXmTtc
YEe4fFJ4oFLYJ6I+tkmF07VUiHsOVkHLqZKvYs8hi0IhFdIej+0=
=1ucX
-----END PGP SIGNATURE-----

pgp9w68GZWv7O.pgp
Description: PGP signature

--- End Message ---