Public bug reported:

Dear Maintainer,

Version 1.7.10-1.1 is the most recent version on focal. The last release included a patch for CVE-2019-11835 (issue #338 on upstream). However, this patch introduced a bug in the patched function cJSON_Minify (issue #354 on upstream). There is a (potential) infinite loop in the relevant function.

The issue has been fixed in commit 08d2bc766a82cd75764d036f9efef444590d1cf9. The fix is included in newer releases, so it is included on Ubuntu groovy and newer.

I request that this issue be patched on focal. The fix is very small (only two lines of code). The same issue arose on Debian buster and the patch was applied (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973442).

Thanks for your help.

** Affects: cjson (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1934643

Title:
  infinite loop in patched cJSON_Minify function