Source: cjson
Version: 1.7.10-1
Severity: grave
Tags: security upstream fixed-upstream

Hi,

The following vulnerabilities were published for cjson.

CVE-2019-11834[0]:
| cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a
| string literal.


CVE-2019-11835[1]:
| cJSON before 1.7.11 allows out-of-bounds access, related to multiline
| comments.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-11834
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11834
    https://github.com/DaveGamble/cJSON/issues/337
[1] https://security-tracker.debian.org/tracker/CVE-2019-11835
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11835
    https://github.com/DaveGamble/cJSON/issues/338

Regards,
Salvatore
