Package: libarccommon3v5
Version: 6.17.0
Severity: important
X-Debbugs-Cc: garnik...@gmail.com

Dear Maintainer,

nordugrid-arc-6.17.0 project includes outdated cJSON sources (src/external/cJSON/cJSON.c), which might be missing important updates and bug fixes. I recommend updating the cJSON sources to the latest version available.

My report is primarily based on a static analysis tool developed at CAST, which flagged the potential vulnerability due to similarities in the codebase.

Thank you for your dedication to ensuring the security and stability of the project.

-- System Information:
Debian Release: bookworm/sid
  APT prefers jammy-updates
  APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), (100, 'jammy-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-35-generic (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libarccommon3v5 depends on:
ii  libc6               2.35-0ubuntu3.8
pn  libdb5.3++          <none>
ii  libgcc-s1           12.3.0-1ubuntu1~22.04
ii  libglib2.0-0        2.72.4-0ubuntu2.3
ii  libglibmm-2.4-1v5   2.66.2-2
ii  libnspr4            2:4.35-0ubuntu0.22.04.1
ii  libnss3             2:3.98-0ubuntu0.22.04.2
ii  libsigc++-2.0-0v5   2.10.4-2ubuntu3
ii  libsqlite3-0        3.37.2-2ubuntu0.3
ii  libssl3             3.0.2-0ubuntu1.16
ii  libstdc++6          12.3.0-1ubuntu1~22.04
ii  libuuid1            2.37.2-4ubuntu3.4
ii  libxml2             2.9.13+dfsg-1ubuntu0.4
ii  libxmlsec1          1.2.33-1build2
pn  libxmlsec1-openssl  <none>
ii  openssl             3.0.2-0ubuntu1.16
ii  python3             3.10.6-1~22.04
ii  zlib1g              1:1.2.11.dfsg-2ubuntu9.2

libarccommon3v5 recommends no packages.

libarccommon3v5 suggests no packages.