This bug was fixed in the package json-c - 0.11-4ubuntu1 --------------- json-c (0.11-4ubuntu1) utopic; urgency=medium
* SECURITY UPDATE: denial of service via hash collision (LP: #1311397) - debian/patches/0001-Patch-to-address-the-following-issues.patch: Upstream patch to enable hash randomization. - CVE-2013-6371 * SECURITY UPDATE: denial of service via buffer overflow (LP: #1311397) - debian/patches/0001-Patch-to-address-the-following-issues.patch: Upstream patch to guard against negative and maximum buffer sizes. - CVE-2013-6370 json-c (0.11-4) unstable; urgency=low * Add upstream patch to fix two security vulnerabilities (Closes: #744008) + [CVE-2013-6371]: hash collision denial of service + [CVE-2013-6370]: buffer overflow if size_t is larger than int -- Dimitri John Ledkov <x...@ubuntu.com> Wed, 23 Apr 2014 01:12:44 +0100 ** Changed in: json-c (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1311397 Title: json-c: CVE-2013-6370 CVE-2013-6371 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/json-c/+bug/1311397/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs