Format: 1.8
Date: Fri, 26 Apr 2024 12:27:32 +0200
Source: json-smart
Architecture: source
Version: 2.2-2+deb11u1
Distribution: bullseye
Urgency: high
Maintainer: Debian Java Maintainers
Changed-By: Andreas Beckmann
Closes: 1033474 1039985
Changes:
 json-smart (2.2-2+deb11u1) bullseye; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bullseye. (Closes: #1039985)
 .
 json-smart (2.2-2+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2023-1370: stack overflow due to excessive recursion
     When reaching a '[' or '{' character in the JSON input, the code
     parses an array or an object respectively. It was discovered that the
     code does not have any limit to the nesting of such arrays or
     objects. Since the parsing of nested arrays and objects is done
     recursively, nesting too many of them can cause a stack exhaustion
     (stack overflow) and crash the software. (Closes: #1033474)
   * CVE-2021-31684: Fix indexOf
     A vulnerability was discovered in the indexOf function of
     JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a
     denial of service (DOS) via a crafted web request.
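
The recursion problem described in the CVE-2023-1370 entry, with the kind of nesting limit that prevents it, as an added example that is not json-smart's code or the Debian patch. The class name DepthLimitedJson, the limit of 400 and the sample inputs are assumptions made for illustration; scalars are skipped rather than validated.

```java
public class DepthLimitedJson {                  // added example, not json-smart's own code
    static final int MAX_DEPTH = 400;            // assumed limit, chosen for this example
    private final String in;
    private int pos, depth;
    DepthLimitedJson(String in) { this.in = in; }
    static IllegalArgumentException err(String m) { return new IllegalArgumentException(m); }
    static int check(String json) {              // deepest nesting seen; throws on bad or too-deep input
        DepthLimitedJson p = new DepthLimitedJson(json);
        int max = p.value();
        p.ws();
        if (p.pos != json.length()) throw err("trailing data at offset " + p.pos);
        return max;
    }
    private char peek() { if (pos >= in.length()) throw err("unexpected end of input"); return in.charAt(pos); }
    private void ws() { while (pos < in.length() && " \t\r\n".indexOf(in.charAt(pos)) >= 0) pos++; }
    private char next() { ws(); return peek(); } // skip whitespace, then look at the next char
    private void expect(char c) { if (next() != c) throw err("expected '" + c + "' at offset " + pos); pos++; }
    private void string() {                      // skip a quoted string, honouring backslash escapes
        expect('"');
        for (; peek() != '"'; pos++) if (peek() == '\\') pos++;
        pos++;
    }
    private int value() {
        char c = next();
        if (c == '[' || c == '{') return container(c == '[' ? ']' : '}');
        if (c == '"') { string(); return depth; }
        int start = pos;                         // bare scalar (number, true, false, null), not validated
        while (pos < in.length() && ",]}: \t\r\n".indexOf(in.charAt(pos)) < 0) pos++;
        if (pos == start) throw err("unexpected '" + c + "' at offset " + pos);
        return depth;
    }
    private int container(char close) {
        // The limit the changelog says was missing: refuse before recursing any deeper.
        if (++depth > MAX_DEPTH) throw err("nesting deeper than " + MAX_DEPTH + " levels");
        int max = depth;
        pos++;                                   // consume '[' or '{'
        if (next() == close) { pos++; depth--; return max; }
        while (true) {
            if (close == '}') { string(); expect(':'); }
            max = Math.max(max, value());
            if (next() == close) { pos++; depth--; return max; }
            expect(',');
        }
    }
    public static void main(String[] args) {
        System.out.println(check("{\"a\": [1, {\"b\": [true, null]}]}"));   // constructed input
        try { check("[".repeat(100_000)); }      // constructed hostile input
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because the counter is checked before each descent, the recursion never goes deeper than MAX_DEPTH containers, so hostile nesting ends in a catchable exception instead of exhausting the thread stack.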