Your message dated Sat, 25 May 2024 11:32:37 +0000
with message-id <e1sapdd-00cxea...@fasolo.debian.org>
and subject line Bug#1039985: fixed in json-smart 2.2-2+deb11u1
has caused the Debian Bug report #1039985,
regarding libjson-smart-java: buster-lts has a newer version than
bullseye/bookworm/sid
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1039985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039985
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libjson-smart-java
Version: 2.2-2
Severity: serious
Tags: bullseye bookworm trixie sid
User: debian...@lists.debian.org
Usertags: piuparts
X-Debbugs-Cc: Bastien Roucariès <ro...@debian.org>
Hi,
during a test with piuparts I noticed your package cannot be upgraded
from buster-lts to any newer release since buster-lts has a version
newer than any later release:
json-smart | 2.2-1 | stretch | source
json-smart | 2.2-2 | buster | source
json-smart | 2.2-2 | bullseye | source
json-smart | 2.2-2 | bookworm | source
json-smart | 2.2-2 | trixie | source
json-smart | 2.2-2 | sid | source
json-smart | 2.2-2+deb10u1 | buster-security | source
Andreas
--- End Message ---
--- Begin Message ---
Source: json-smart
Source-Version: 2.2-2+deb11u1
Done: Andreas Beckmann <a...@debian.org>
We believe that the bug you reported is fixed in the latest version of
json-smart, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1039...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated json-smart package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 26 Apr 2024 12:27:32 +0200
Source: json-smart
Architecture: source
Version: 2.2-2+deb11u1
Distribution: bullseye
Urgency: high
Maintainer: Debian Java Maintainers
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1033474 1039985
Changes:
json-smart (2.2-2+deb11u1) bullseye; urgency=medium
.
* Non-maintainer upload.
* Rebuild for bullseye. (Closes: #1039985)
.
json-smart (2.2-2+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* CVE-2023-1370: stack overflow due to excessive recursion
When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code
parses an array or an object respectively. It was discovered that the
code does not have any limit to the nesting of such arrays or
objects. Since the parsing of nested arrays and objects is done
recursively, nesting too many of them can cause a stack exhaustion
(stack overflow) and crash the software. (Closes: #1033474)
* CVE-2021-31684: Fix indexOf
A vulnerability was discovered in the indexOf function of
JSONParserByteArray in JSON Smart versions 1.3 and 2.4
which causes a denial of service (DOS)
via a crafted web request.
Checksums-Sha1:
af2188045d10bb2a10fec9fe61ded4f58d188bf2 2098 json-smart_2.2-2+deb11u1.dsc
a4cda87958aa72f0698e948d142e3dad35d89bec 6052
json-smart_2.2-2+deb11u1.debian.tar.xz
509a10c2a6ecf31f65326d2b540dda4995c4a9c2 12732
json-smart_2.2-2+deb11u1_source.buildinfo
Checksums-Sha256:
df75bf6c6c10fe8212d0666343008cb3ca946529dfdb08bf92e110ca43de36e5 2098
json-smart_2.2-2+deb11u1.dsc
40995815542b3a11e3022d252d46dacc595914a6a6cb0286fc7c5990ac19a4b7 6052
json-smart_2.2-2+deb11u1.debian.tar.xz
cf0c5c2730c7777454b2f53b378fbf103efa23ed0b53f54aed9d806e57979b20 12732
json-smart_2.2-2+deb11u1_source.buildinfo
Files:
3c8b3df4eb4f72be4ad7422166f27a61 2098 java optional
json-smart_2.2-2+deb11u1.dsc
66735a9629b9dc31c56e69560f8b6b47 6052 java optional
json-smart_2.2-2+deb11u1.debian.tar.xz
4b784f5b1193c7c9523e40f8710f2092 12732 java optional
json-smart_2.2-2+deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmYrghsQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCJraD/44rGniM0cf2NID2b0VpTRJzjbp0xD4DLPU
nyiR2K31wfxZZ2SzrdWZSr/SSPr3I+W/mAtxXmHjbxWJ6RC3FK5DC+zQVdD0HIdc
YpNKLml0I7PereFVHftSMek9NTgatxcK6UGXVg1G1vUCYHlAKGYUGbQj7CLGrF0o
Gi3BXCnJ5kIklOT6LaILCzy2jZgsqu5asQJFSYvzuQcnUt/RD77/KUyTGj8ncFvo
XGZZmhxfxTv+roiq5FXdpUoGYVZq6l6rVwyKjn/CIo/ts4csyCIrZijCrNi3XntJ
nfo5EAjjSMTPOH0J50yLZIxQFJ+PfwrS6bEjILz92l64Z9sA/W08pHK1Qk19jZXe
aOa0nH4omEjXiokOvBkeuMrB4Ddqeyg67hlkOXUwhWf6pkhQlW5DDgo8kyPnUUU5
Bdm19izhLYhLHAS6k6r13KDtJCdL0ifILtfq2BlA7QOyFxCBjltaB/zShGBd5X/k
X5U17lpN7atDUXEq8FvfxmG4MEucXtctnkwRxaWezGgLTKQTOKx9G/a/rdqNET8O
na0CRJPeqvmfT3YClQ8Ep5cWLy3cxmhhYptuCYIt0oZWc6WIebeIOGQZKLtGtNFl
qop4pkr8D4aMm0qseWsrpTg2/EDOSR5no6E79+itnLs3+Hj5Xi49GuspBXyE2a8r
hdlj5Kl3tw==
=zBju
-----END PGP SIGNATURE-----
pgpSNZPhv5qFB.pgp
Description: PGP signature
--- End Message ---
