Your message dated Sat, 27 Jul 2024 02:44:56 +0000
with message-id <e1sxxqw-007zp3...@fasolo.debian.org>
and subject line Bug#1077209: fixed in python-orjson 3.9.15-1
has caused the Debian Bug report #1077209,
regarding python-orjson: CVE-2024-27454
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
1077209: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077209
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-orjson
Version: 3.9.14-3
Severity: grave
Tags: security upstream
Forwarded: https://github.com/ijl/orjson/issues/458
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for python-orjson.

CVE-2024-27454[0]:
| orjson.loads in orjson before 3.9.15 does not limit recursion for
| deeply nested JSON documents.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-27454
    https://www.cve.org/CVERecord?id=CVE-2024-27454
[1] https://github.com/ijl/orjson/issues/458

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-orjson
Source-Version: 3.9.15-1
Done: Agathe Porte <gag...@debian.org>

We believe that the bug you reported is fixed in the latest version of
python-orjson, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1077...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Agathe Porte <gag...@debian.org> (supplier of updated python-orjson package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Sat, 27 Jul 2024 10:51:53 +0900
Source: python-orjson
Architecture: source
Version: 3.9.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>,
Changed-By: Agathe Porte <gag...@debian.org>
Closes: 1077209
Changes:
 python-orjson (3.9.15-1) unstable; urgency=medium
 .
   * New upstream version 3.9.15 (Closes: #1077209) CVE-2024-27454
--- End Message ---
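
The CVE text in the report above says orjson.loads before 3.9.15 does not limit recursion for deeply nested JSON. The following is an added example, not part of the bug report and not orjson code: an iterative pre-parse check an application could run on untrusted input to bound nesting. MAX_DEPTH, the sample inputs and all function names are assumptions.

```python
# Added example: pre-parse nesting-depth guard for untrusted JSON bytes.
# MAX_DEPTH and all names here are assumptions, not part of orjson's API.
MAX_DEPTH = 128  # hypothetical application limit

# Constructed samples (not taken from the bug report).
SAMPLE_OK = b'{"a": [1, {"b": "text with ] and \\" quote"}]}'
SAMPLE_DEEP = b"[" * 500 + b"]" * 500


class NestingTooDeep(ValueError):
    """Raised when a document nests deeper than the allowed limit."""


def nesting_depth(data: bytes, limit: int = MAX_DEPTH) -> int:
    """Return the maximum container depth of a JSON document.

    Scans the bytes in a loop (no recursion) and skips string contents,
    so brackets inside strings are not counted. Raises NestingTooDeep as
    soon as the limit is exceeded. This bounds nesting only; it does not
    validate the JSON.
    """
    depth = deepest = 0
    in_string = escaped = False
    for byte in data:
        if in_string:
            if escaped:
                escaped = False
            elif byte == 0x5C:  # backslash starts an escape sequence
                escaped = True
            elif byte == 0x22:  # unescaped quote closes the string
                in_string = False
        elif byte == 0x22:
            in_string = True
        elif byte in (0x5B, 0x7B):  # '[' or '{'
            depth += 1
            if depth > limit:
                raise NestingTooDeep(f"nesting exceeds {limit}")
            deepest = max(deepest, depth)
        elif byte in (0x5D, 0x7D):  # ']' or '}'
            depth = max(depth - 1, 0)
    return deepest


def is_safe_to_parse(data: bytes, limit: int = MAX_DEPTH) -> bool:
    """True when the document stays within the depth limit."""
    try:
        nesting_depth(data, limit)
    except NestingTooDeep:
        return False
    return True
```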