-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2301-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort July 30, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : json-c Version : 0.12.1-1.1+deb9u1 CVE ID : CVE-2020-12762 Debian Bug : 960326 Tobias Stoeckmann found an integer overflow issue in JSON-C, a C library to manipulate JSON objects, when reading maliciously crafted large files. The issue could be exploited to cause denial of service or possibly execute arbitrary code. For Debian 9 stretch, this problem has been fixed in version 0.12.1-1.1+deb9u1. We recommend that you upgrade your json-c packages. For the detailed security status of json-c please refer to its security tracker page at: https://security-tracker.debian.org/tracker/json-c Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl8i3I8ACgkQnUbEiOQ2 gwLSwA//ZufnfOdAgWMeOfzeVFFTBXW5YSkNUJobcZ7NHbrwxpYSooiTobU1YQs5 DpDeWP2Vfa3VvG13yjgqysO0U9ijoNiGIhF8jHEAnkEmFi1cQ/Z3MRo5fTXSXU1m yeJ1aKAvqaImBhnVlIKKfCGb0DVC21EkihI8JDjepLLli9/ewtzFjuKxPVK8Z1a+ 12Sl2/HcHAEnmd/Yq6t2zGPqp2RLzs5YzYSDiQDnmcLlp7ibaftwCwckFo1Yo95R mHvBzqsIrME5kIUDYRVK7Br1uAXojkOeSuQLcw1KRfc7khiMXGhkRsCMWBPegS4L cYGP/XiHvsCRfLkvzsAu69CiSd9h5a/lPwQKcCzR3sdcSkRjsLtoGtQJYFIYLvBn G9QCz2V/p19EX1xY39YWuLNugTuV3KHB6soYUIGJkSaRJBNCzWhFGQHJHHVYwmo5 M0lrPBQFMPrbP9agNbZJffVeSFcnV5k9vCDZ9hVKE9ByBERZckjXONCT6fV+JqWq di0K4USvRsXLxW6PWhgoK18GUN+1RqoiLD1r2GCMiPwRVx+v9xqpisvtTFQhVhLS d79LALJktJeq4/4NPB91bJ7OcyXBF6WtvUEMszgLYhLqEGKpYOiVeBy68DB/tvEF ZrqyPCh3eVFGYHZBsww3r0fnoYsnrscOeIowjt09IY0Lylqw1ik= =who8 -----END PGP SIGNATURE-----