MIR looks good in general, but it *is* a JSON parser, and could
potentially deal with untrusted data. Looking at the code quickly, it's
pretty complicated, so it doesn't sound unlikely that there'd be some
potential issues there.

I agree that in this case it's for syslog, but it's still important that
we consider any future uses when the package is in main.

Let's get the Security Team's opinion on this.

** Changed in: libfastjson (Ubuntu)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1746327

Title:
  [MIR] libfastjson

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libfastjson/+bug/1746327/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to