This bug was fixed in the package json-c - 0.11-4ubuntu1
---------------
json-c (0.11-4ubuntu1) utopic; urgency=medium
* SECURITY UPDATE: denial of service via hash collision (LP: #1311397)
- debian/patches/0001-Patch-to-address-the-following-issues.patch:
Upstream patch to enable hash randomization.
- CVE-2013-6371
* SECURITY UPDATE: denial of service via buffer overflow (LP: #1311397)
- debian/patches/0001-Patch-to-address-the-following-issues.patch:
Upstream patch to guard against negative and maximum buffer sizes.
- CVE-2013-6370
json-c (0.11-4) unstable; urgency=low
* Add upstream patch to fix two security vulnerabilities (Closes: #744008)
+ [CVE-2013-6371]: hash collision denial of service
+ [CVE-2013-6370]: buffer overflow if size_t is larger than int
-- Dimitri John Ledkov <x...@ubuntu.com> Wed, 23 Apr 2014 01:12:44 +0100
** Changed in: json-c (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1311397
Title:
json-c: CVE-2013-6370 CVE-2013-6371
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/json-c/+bug/1311397/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
