Bug#1108861: unblock: cjson/1.7.18-3.1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1108861: unblock: cjson/1.7.18-3.1
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 06 Jul 2025 15:19:33 +0200
Message-id: <[🔎] 175180797311.3486371.18318426669413647048.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1108861@bugs.debian.org

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: cjson@packages.debian.org, Adrian Bunk <bunk@debian.org>, team@security.debian.org, Maytham Alsudany <maytha8thedev@gmail.com>, carnil@debian.org
Control: affects -1 + src:cjson
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

Please unblock package cjson

[ Reason ]
cjson 1.7.18-3 was prone to CVE-2023-26819, fixed by Adrian in the
1.7.18-3.1 NMU, cf. #1103687.

[ Impact ]
cjson in trixie remains vulnerable so far to CVE-2023-26819. There is
as well a pending cjson bookworm-pu update covering as well this CVE.

[ Tests ]
I have done none. There is a test covering the change.

[ Risks ]
Probably low, upstream change applied.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock cjson/1.7.18-3.1

Regards,
Salvatore

Reply to:

Follow-Ups:
- Processed: unblock: cjson/1.7.18-3.1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1108861: marked as done (unblock: cjson/1.7.18-3.1)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: unblock: geeqie/2.5-8 (pre-approval)
Next by Date: Processed: unblock: cjson/1.7.18-3.1
Previous by thread: Bug#1108859: marked as done (unblock: geeqie/2.5-8 (pre-approval))
Next by thread: Processed: unblock: cjson/1.7.18-3.1
Index(es):
- Date
- Thread