Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8f212837 by Salvatore Bonaccorso at 2024-12-14T17:27:04+01:00 Track fixed version for CVE-2023-5072/libjson-java libjson-java has related changes due to https://github.com/kordamp/json-lib/issues/58 . These are included in v3.1.0 upstream and all tests from https://github.com/stleary/JSON-java/commit/dbb113176b143b519ad0a50b033a9997cc2248fe#diff-44caf7c2d0dfa560c6786c818cd109f6e891474ea8e1226bf08a583282160325R2260 do validae with v3.1.0 upstream. Thanks: Pierre Gruet - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -110256,7 +110256,7 @@ CVE-2023-5555 (Cross-site Scripting (XSS) - Generic in GitHub repository frappe/ CVE-2023-5554 (Lack of TLS certificate verification in log transmission of a financia ...) NOT-FOR-US: LINE CVE-2023-5072 (Denial of Service in JSON-Java versions up to and including 20230618. ...) - - libjson-java <unfixed> (bug #1053882) + - libjson-java 3.1.0+dfsg-1 (bug #1053882) [bookworm] - libjson-java <no-dsa> (Minor issue, revisit when fixed upstream) [bullseye] - libjson-java <no-dsa> (Minor issue) [buster] - libjson-java <no-dsa> (Minor issue) @@ -110274,6 +110274,7 @@ CVE-2023-5072 (Denial of Service in JSON-Java versions up to and including 2023 NOTE: https://github.com/stleary/JSON-java/commit/dbb113176b143b519ad0a50b033a9997cc2248fe (20231013) NOTE: https://github.com/stleary/JSON-java/commit/16967f322ee65c301b48fa79bb681e38896fd212 (20231013) NOTE: https://github.com/stleary/JSON-java/commit/661114c50dcfd53bb041aab66f14bb91e0a87c8a (20231013) + NOTE: https://github.com/kordamp/json-lib/issues/58 CVE-2023-5046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Procost CVE-2023-5045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f2128371b6c0b7f5abf531db258c2cd9823fb85 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f2128371b6c0b7f5abf531db258c2cd9823fb85 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
