[SECURITY] [DLA 4216-1] cjson security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4216-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
June 15, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : cjson
Version : 1.7.14-1+deb11u2
CVE ID : CVE-2023-26819 CVE-2023-53154
Debian Bug : 1103687
Two vulnerabilities have been fixed in cJSON,
a C library for parsing JSON.
CVE-2023-26819
rejection of valid texts
CVE-2023-53154
heap buffer overflow
For Debian 11 bullseye, these problems have been fixed in version
1.7.14-1+deb11u2.
We recommend that you upgrade your cjson packages.
For the detailed security status of cjson please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cjson
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmhPMuYACgkQiNJCh6LY
mLFyqg//ZdIHh5quNPWPWQR/iV//1sW8+d6aLUjguLdvIZtyTWz/gCXVHcJWKirR
+kAicSR5yygvJxwsI8FdjVs/Ize9vd5AO4Vz8Chzq8ZYdr5dU09V/i8Z6/17pSon
YWQARgiFdNL6D6TS1lE6R0egHmeaK9JZEHCRSFpz1l4KseL/mtnb0VoxqA6elhfy
AAPIzmZqCAcfLK4ATCl+n1ybw3fVRTCnYFG5TW4p1QPrd3aKoBBcyRpfhb5kdnQt
90ZjzczC6GCYuJaiIiMrajGwowzbxdrT+hKjqAng7mZfB5x262lmK1F8hjNt6Uwl
ffsi2FxNYz52HgCb/1dtdZFQBxWLI2JrGlS0vs3+Kfn3pTDhUWeudy+lCmcXUQCM
hJr8qFbmSRgPP+OxBia6JQ0fprzx7s8FiAerjGfbq3T1hreaqiCcJB8sU6JnjgiU
bYHuCb/K3/Gp8uYPKYzoeNWXHtC5Ybf6DjRkO7UVu/C5ajoEhtkSVSIE1fEHUeaK
UO+J9b7650p0BSrYQdgyo7yaI7IvZZBRLLzLiDO9dEggmZAYRs3u+2CSlgGhgVxd
Pp6yrlaeci0aRV+wL6tcroXVDYJQAdZmtTdjoTKnD5FLXGSAV3wOrj39ux5s8/DP
B9uD7XKPXVrutEotjkxigovEUrokZ0SKXlmqcNqrzPTtmRz9Neo=
=PcAb
-----END PGP SIGNATURE-----
Reply to: