-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 26 Apr 2024 12:27:32 +0200
Source: json-smart
Architecture: source
Version: 2.2-2+deb11u1
Distribution: bullseye
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <anbe@debian.org>
Closes: 1033474 1039985
Changes:
 json-smart (2.2-2+deb11u1) bullseye; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bullseye.  (Closes: #1039985)
 .
 json-smart (2.2-2+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2023-1370: stack overflow due to excessive recursion
     When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code
     parses an array or an object respectively. It was discovered that the
     code does not have any limit to the nesting of such arrays or
     objects. Since the parsing of nested arrays and objects is done
     recursively, nesting too many of them can cause a stack exhaustion
     (stack overflow) and crash the software. (Closes: #1033474)
   * CVE-2021-31684: Fix indexOf
     A vulnerability was discovered in the indexOf function of
     JSONParserByteArray in JSON Smart versions 1.3 and 2.4
     which causes a denial of service (DOS)
     via a crafted web request.
Checksums-Sha1:
 af2188045d10bb2a10fec9fe61ded4f58d188bf2 2098 json-smart_2.2-2+deb11u1.dsc
 a4cda87958aa72f0698e948d142e3dad35d89bec 6052 json-smart_2.2-2+deb11u1.debian.tar.xz
 509a10c2a6ecf31f65326d2b540dda4995c4a9c2 12732 json-smart_2.2-2+deb11u1_source.buildinfo
Checksums-Sha256:
 df75bf6c6c10fe8212d0666343008cb3ca946529dfdb08bf92e110ca43de36e5 2098 json-smart_2.2-2+deb11u1.dsc
 40995815542b3a11e3022d252d46dacc595914a6a6cb0286fc7c5990ac19a4b7 6052 json-smart_2.2-2+deb11u1.debian.tar.xz
 cf0c5c2730c7777454b2f53b378fbf103efa23ed0b53f54aed9d806e57979b20 12732 json-smart_2.2-2+deb11u1_source.buildinfo
Files:
 3c8b3df4eb4f72be4ad7422166f27a61 2098 java optional json-smart_2.2-2+deb11u1.dsc
 66735a9629b9dc31c56e69560f8b6b47 6052 java optional json-smart_2.2-2+deb11u1.debian.tar.xz
 4b784f5b1193c7c9523e40f8710f2092 12732 java optional json-smart_2.2-2+deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmYrghsQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCJraD/44rGniM0cf2NID2b0VpTRJzjbp0xD4DLPU
nyiR2K31wfxZZ2SzrdWZSr/SSPr3I+W/mAtxXmHjbxWJ6RC3FK5DC+zQVdD0HIdc
YpNKLml0I7PereFVHftSMek9NTgatxcK6UGXVg1G1vUCYHlAKGYUGbQj7CLGrF0o
Gi3BXCnJ5kIklOT6LaILCzy2jZgsqu5asQJFSYvzuQcnUt/RD77/KUyTGj8ncFvo
XGZZmhxfxTv+roiq5FXdpUoGYVZq6l6rVwyKjn/CIo/ts4csyCIrZijCrNi3XntJ
nfo5EAjjSMTPOH0J50yLZIxQFJ+PfwrS6bEjILz92l64Z9sA/W08pHK1Qk19jZXe
aOa0nH4omEjXiokOvBkeuMrB4Ddqeyg67hlkOXUwhWf6pkhQlW5DDgo8kyPnUUU5
Bdm19izhLYhLHAS6k6r13KDtJCdL0ifILtfq2BlA7QOyFxCBjltaB/zShGBd5X/k
X5U17lpN7atDUXEq8FvfxmG4MEucXtctnkwRxaWezGgLTKQTOKx9G/a/rdqNET8O
na0CRJPeqvmfT3YClQ8Ep5cWLy3cxmhhYptuCYIt0oZWc6WIebeIOGQZKLtGtNFl
qop4pkr8D4aMm0qseWsrpTg2/EDOSR5no6E79+itnLs3+Hj5Xi49GuspBXyE2a8r
hdlj5Kl3tw==
=zBju
-----END PGP SIGNATURE-----