[SECURITY] [DLA 4304-1] cjson security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4304-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
September 18, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : cjson
Version : 1.7.14-1+deb11u3
CVE ID : CVE-2025-57052
It was discovered that cJSON, an ultralightweight JSON parser, performed
insufficient input sanitising, which could result in out-of-bounds
memory access.
For Debian 11 bullseye, this problem has been fixed in version
1.7.14-1+deb11u3.
We recommend that you upgrade your cjson packages.
For the detailed security status of cjson please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cjson
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmjMIe9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdP1RAAhkYa2+9NyWRQNE5++r6b0haJZvgCu1+9Nqjaid7ZxOQ5wPniuLBmqrWT
DyVpb+udgOLHbr3pDVLDr8ptJ0/bNEaG21XF6VhCRFNrKVdD+5l5B1ijMbNcGbDj
CWwK8Re8wVE+ZCQMznzT5ROf7BPBOILMzwuB4ETNjKEhxpXg58zEZIQje4O1GeAN
v+R4ctj5KBedMfoCfV0t7FxbBDQ9usS/frAziBmGI7oSPoBGELYXkCBQH1XwbVqJ
KyMt6+SJ11Pp5zjy9RzpIT6RDGFU4DpREjVb1k/1PZcDhW0Djvpr5l9GLaT3GIWI
A6jHeSiUWNkgCSJapScU/n70xR/OlOSDU4FWotT3WsQnlVX7+pbhn4LLfkHqfr92
U4/xAkyzaCrSKR4zC0Sql42n7Evc0koHiilnXCZ7jgounSSBEz9YBovjPJgPZKlG
kY6QwOf1c/YE1W8urT04zL4ACnEIIfcSG6DQ1nxOMqhFj7XcdnrocCg3mjFVUNRr
v2hsI4JY6qqJriKhHhle20FaCRr4gHIJU0ksXOxpU2Lwk0N1saN9sIisAJqPdbez
2sEvFo9zVcgwH3wNcC6sV1X3gULLSI4efDLkhb0ZI2LyRi0m9/YnpUAN/VW4BwIn
96rqU07LI8hkL3+W1xDni3tl22anT1BsSnrZvN2SI15xwMSpBs0=
=/sr1
-----END PGP SIGNATURE-----
Reply to: