Bug#960326: json-c: CVE-2020-12762

To: 960326@bugs.debian.org
Subject: Bug#960326: json-c: CVE-2020-12762
From: Armand Grillet <agrillet@d2iq.com>
Date: Fri, 5 Jun 2020 15:10:27 +0200
Message-id: <[🔎] CADK=B0arqN7jjxOSFT6CEOqNLT22vO_q1SowY0r95kOm28MMhA@mail.gmail.com>
Reply-to: Armand Grillet <agrillet@d2iq.com>, 960326@bugs.debian.org
References: <158922691202.1456848.14032900298008797019.reportbug@eldamar.local>

Hi,

A fix has landed in json-c-0.12 (which is the upstream used for json-c in Debian Buster): https://github.com/json-c/json-c/commit/f2b7d0b5cbd0eccf4fb3c1851ec0864952be1057

I do not know how to get this fix in Debian's json-c repository https://salsa.debian.org/debian/json-c as there is a branch named debian/buster which contains changes made specifically for Debian and I am unaware of the review/release process of this package.

What should be the next steps?

Best regards,

Armand Grillet

Reply to:

Prev by Date: abiword is marked for autoremoval from testing
Next by Date: Processing of fig2ps_1.5-4_source.changes
Previous by thread: abiword is marked for autoremoval from testing
Next by thread: Processing of fig2ps_1.5-4_source.changes
Index(es):
- Date
- Thread