[Bug 2115972] Re: Please sync json-smart from Debian Unstable for questing

Fri, 04 Jul 2025 05:45:51 -0700 

This bug was fixed in the package json-smart - 2.5.2-1
Sponsored for Eduardo Barretto (ebarretto)

---------------
json-smart (2.5.2-1) unstable; urgency=medium

  * New upstream version 2.5.2:
    - Fixes CVE-2024-57699: A security issue was found in Netplex Json-smart
      2.5.0 through 2.5.1. When loading a specially crafted JSON input,
      containing a large number of ’{’, a stack exhaustion can be trigger,
      which could allow an attacker to cause a Denial of Service (DoS). This
      issue exists because of an incomplete fix for CVE-2023-1370.
      (Closes: #1095839)
  * Refreshing patches

 -- Pierre Gruet <[email protected]>  Sun, 16 Feb 2025 15:47:20 +0100

json-smart (2.5.1-1) unstable; urgency=medium

  * Team upload
  * New upstream version 2.5.1 (Closes: #1068940)
  * Refreshing patches
  * Refreshing d/copyright
  * Fixing Vcs-* fields in d/control
  * Simplifying d/rules after the parent pom was removed from the source package
  * Providing a parent pom in the debian/ directory, to be used during the build
  * Packaging with jar instead of bundle
  * Comparing milliseconds since epoch instead of precise instants in test
  * Removing unneeded versioned B-D on maven-debian-helper

 -- Pierre Gruet <[email protected]>  Wed, 04 Dec 2024 22:16:05 +0100

json-smart (2.2-3) unstable; urgency=medium

  * Team upload
  * Add watch file
  * Fix CVE-2023-1370: When reaching a ‘[‘ or ‘{‘ character
    in the JSON input, the code parses an array or
    an object respectively. It was discovered that the
    code does not have any limit to the nesting of such arrays
    or objects. Since the parsing of nested arrays and objects is
    done recursively, nesting too many of them can cause
    a stack exhaustion (stack overflow) and crash the software.
    (Closes: #1033474)
  * Use compat level 13
  * Bump policy to 4.7.7
  * Add salsa-CI

 -- Bastien Roucariès <[email protected]>  Sat, 13 Apr 2024 14:43:01
+0000

** Changed in: json-smart (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1370

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-57699

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2115972

Title:
   Please sync json-smart from Debian Unstable for questing

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/json-smart/+bug/2115972/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to