[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2021-31684/json-smart was fixed in 2.5.1-1

Mon, 03 Mar 2025 21:20:15 -0800 


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ab17bc9a by Adrian Bunk at 2025-03-04T07:13:28+02:00
CVE-2021-31684/json-smart was fixed in 2.5.1-1

- - - - -
ab8e6456 by Adrian Bunk at 2025-03-04T07:18:32+02:00
CVE-2024-57699/json-smart does not affect bookworm or bullseye

- - - - -
ab0e4dbd by Adrian Bunk at 2025-03-04T07:18:55+02:00
dla: No CVE that needs fixing in json-smart

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9651,8 +9651,11 @@ CVE-2025-0522 (The LikeBot  WordPress plugin through 
0.85 does not have CSRF che
        NOT-FOR-US: WordPress plugin
 CVE-2024-57699 (A security issue was found in Netplex Json-smart 2.5.0 through 
2.5.1.  ...)
        - json-smart 2.5.2-1 (bug #1095839)
+       [bookworm] - json-smart <not-affected> (Vulnerable code introduced in 
2.5.0)
+       [bullseye] - json-smart <not-affected> (Vulnerable code introduced in 
2.5.0)
        NOTE: https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699
        NOTE: https://github.com/netplex/json-smart-v2/pull/233
+       NOTE: Introduced by: 
https://github.com/netplex/json-smart-v2/commit/da2e8332395021b3c3b5636a8003377b8e61eaa0
 (2.5.0)
        NOTE: Fixed by: 
https://github.com/netplex/json-smart-v2/commit/c21d8545e58b2ef2aa16094a09b13ff92adef15c
 (2.5.2)
 CVE-2024-57598 (A floating point exception (divide-by-zero) vulnerability was 
discover ...)
        NOT-FOR-US: Bento4
@@ -308805,11 +308808,11 @@ CVE-2021-31685
        RESERVED
 CVE-2021-31684 (A vulnerability was discovered in the indexOf function of 
JSONParserBy ...)
        {DLA-3373-1}
-       - json-smart <unfixed> (unimportant)
+       - json-smart 2.5.1-1 (unimportant)
        [bookworm] - json-smart 2.2-2+deb12u1
        [bullseye] - json-smart 2.2-2+deb11u1
        NOTE: https://github.com/netplex/json-smart-v2/issues/67
-       NOTE: 
https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5
+       NOTE: 
https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5
 (2.4.5)
        NOTE: Security impact disputed by upstream
 CVE-2021-31683
        RESERVED


=====================================
data/dla-needed.txt
=====================================
@@ -130,9 +130,6 @@ jinja2 (lee)
   NOTE: 20250122: CVE-2024-56326 testcase does not work directly in bullseye.
   NOTE: 20250122: Don't break the Python2 package again as I did (DLA-3988-2). 
(bunk)
 --
-json-smart
-  NOTE: 20250303: Added by Front-Desk (rouca)
---
 knot-resolver
   NOTE: 20240924: Added by Front-Desk (lamby)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03941c5fcf4bbf825eafb7d4b855220b5e6be09f...ab0e4dbd897e38d3c191a54b8d098d3e6bf1a09f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03941c5fcf4bbf825eafb7d4b855220b5e6be09f...ab0e4dbd897e38d3c191a54b8d098d3e6bf1a09f
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to