Hello community,

here is the log from the commit of package libyajl for openSUSE:Factory checked 
in at 2023-07-19 19:09:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libyajl (Old)
 and      /work/SRC/openSUSE:Factory/.libyajl.new.5570 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libyajl"

Wed Jul 19 19:09:44 2023 rev:26 rq:1099093 version:2.1.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/libyajl/libyajl.changes  2023-05-24 
20:21:56.048026318 +0200
+++ /work/SRC/openSUSE:Factory/.libyajl.new.5570/libyajl.changes        
2023-07-19 19:09:45.872261010 +0200
@@ -1,0 +2,5 @@
+Fri Jul  7 21:27:27 UTC 2023 - James Fehlig <jfeh...@suse.com>
+
+- add libyajl-CVE-2023-33460.patch (CVE-2023-33460, bsc#1212928)
+
+-------------------------------------------------------------------
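Review bot: the changelog entry at "- add libyajl-CVE-2023-33460.patch" names the patch, the CVE and the bug number but not the defect being fixed. The patch header describes it as a memory leak in yajl_tree_parse; repeating that here would let someone reading only libyajl.changes judge the impact without opening the patch.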

New:
----
  libyajl-CVE-2023-33460.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libyajl.spec ++++++
--- /var/tmp/diff_new_pack.Yw0IIN/_old  2023-07-19 19:09:46.564265057 +0200
+++ /var/tmp/diff_new_pack.Yw0IIN/_new  2023-07-19 19:09:46.568265081 +0200
@@ -33,6 +33,7 @@
 Patch2:         libyajl-lib_suffix.patch
 Patch3:         libyajl-pkgconfig.patch
 Patch4:         libyajl-CVE-2022-24795.patch
+Patch5:         libyajl-CVE-2023-33460.patch
 BuildRequires:  bison
 BuildRequires:  cmake
 BuildRequires:  doxygen
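Review bot: Patch5 is declared at "+Patch5:         libyajl-CVE-2023-33460.patch", but this is the only hunk in the libyajl.spec diff, so nothing is added in %prep to apply it. If the spec applies patches with individual %patch lines rather than %autosetup or %autopatch, a matching line for Patch5 is needed; otherwise the CVE-2023-33460 fix is shipped in the source package but never applied to the build.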

++++++ libyajl-CVE-2023-33460.patch ++++++
>From c5597ea8483116d4f4cd104b8c3d641e4d4385fa Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfeh...@suse.com>
Date: Fri, 7 Jul 2023 15:21:21 -0600
Subject: [PATCH] Fix for CVE-2023-33460

Fix memory leak in yajl_tree_parse function
---
 src/yajl_tree.c | 6 ++++++
 1 file changed, 6 insertions(+)

Index: yajl-2.1.0/src/yajl_tree.c
===================================================================
--- yajl-2.1.0.orig/src/yajl_tree.c
+++ yajl-2.1.0/src/yajl_tree.c
@@ -445,6 +445,12 @@ yajl_val yajl_tree_parse (const char *in
              YA_FREE(&(handle->alloc), internal_err_str);
         }
         yajl_free (handle);
+        /*
+         * If the requested memory is not released in time, it will cause
+         * memory leakage
+         */
+        if(ctx.root)
+            yajl_tree_free(ctx.root);
         return NULL;
     }
 
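Review bot: the cleanup added on the error path frees only ctx.root ("if(ctx.root)" / "yajl_tree_free(ctx.root);"), so confirm that nothing else the context still owns when the parse fails, such as partially built values from an interrupted parse, stays allocated when the function returns NULL; if such values can exist, they need releasing here as well. The new comment does not say which memory it refers to; wording along the lines of "free the partially built tree on parse failure" would be clearer than "not released in time". Style: "if(ctx.root)" is missing the space after "if". A regression test that feeds malformed input to yajl_tree_parse under a leak checker would show whether the fix is complete.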
