Your message dated Mon, 15 Sep 2025 20:32:09 +0000
with message-id <[email protected]>
and subject line Bug#1114757: fixed in cjson 1.7.18-3.1+deb13u1
has caused the Debian Bug report #1114757,
regarding cjson: CVE-2025-57052
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1114757: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114757
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cjson
Version: 1.7.18-3.1, 1.7.15-1+deb12u3, 1.7.14-1+deb11u1, 1.7.14-1+deb11u2
Severity: important
Tags: security
CVE-ID: CVE-2025-57052
Hi,
The following vulnerability was published for cjson.
CVE-2025-57052:
allows out-of-bounds access via the decode_array_index_from_pointer function in
cJSON_Utils.c
For further information see:
https://security-tracker.debian.org/tracker/CVE-2025-57052
https://x-0r.com/posts/cJSON-Array-Index-Parsing-Vulnerability
Regards,
Syeda Shagufta Naaz
--- End Message ---
--- Begin Message ---
Source: cjson
Source-Version: 1.7.18-3.1+deb13u1
Done: Moritz Mühlenhoff <[email protected]>
We believe that the bug you reported is fixed in the latest version of
cjson, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated cjson package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 12 Sep 2025 00:24:25 +0200
Source: cjson
Architecture: source
Version: 1.7.18-3.1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Maytham Alsudany <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1114757
Changes:
cjson (1.7.18-3.1+deb13u1) trixie-security; urgency=medium
.
* CVE-2025-57052 (Closes: #1114757)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---