[SECURITY] [DSA 6001-1] cjson security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6001-1] cjson security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 14 Sep 2025 18:37:15 +0000
Message-id: <[🔎] aMcLW3Kuzm7qaBNR@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6001-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 14, 2025                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cjson
CVE ID         : CVE-2025-57052

It was discovered that cJSON, an ultralightweight JSON parser, performed
insufficient input sanitising, which could result in out-of-bounds
memory access.

For the oldstable distribution (bookworm), this problem has been fixed
in version 1.7.15-1+deb12u4.

For the stable distribution (trixie), this problem has been fixed in
version 1.7.18-3.1+deb13u1.

We recommend that you upgrade your cjson packages.

For the detailed security status of cjson please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cjson

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmjHCyQACgkQEMKTtsN8
TjbLkA/9G2mfvVzXhB36SxwX0OE5SWFLIzleIeNTvuzInzSVuri9s95HRz6pCPwm
xeucu/MUS6dToaidtIdv3or8H7SayZzJl6cherw529GMFRIYJDwpegmvKodNA01n
lbvspditDK9yW2Sd9avDKfS+gAMRiQyfkYzFTzuwxUgxL2S6pns+vUikEG7Mq4i3
UH1NGd4SD5sq68QRfl/JxOqwBj9FK2y6vsY6pekCSlPi1UPiCBRvVHUV0O1hr/vz
Z+EVsIheveh/eA31u9B8UakX9Mc5nAeyjeXXPFJrG63P8CM9hL+hW1zJ32rSUYx4
jqFeNd3NqEH31z9MpC8GQdtSyu40pscIXdON2utrBn9GTyVp47lRYhAXizSx8a7j
Ui0u3dU8IZjpGxP0JmeD0erKtf0LQiKxRdfjpk3AjF4PG6Z4CArAgNHn6CWqetBZ
NY8ToaRrH/RwiilOf3bx+708qKYbIXuySXEIZlpl6Un+3rDxEw8u7Q+P3IhT5lVu
vDBvHl/IOXnBQes4XcTwVFnY5mBS5AYhA6JOBED4iUI3ylYd9HE8VzxvM2Hlz+VA
UxCHf+B+Tc3HOLaEMEEFnu9Yr8XiMPD27QZRQVnMoe2r9h8A3sllJ5G9v2hW+HJe
loxs6BB6Er7vOu1d+JQtKwZ5BBDhgHK30dn2vQZJNvmsw9sWKuo=
=w0xS
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6000-1] libcpanel-json-xs-perl security update
Previous by thread: [SECURITY] [DSA 6000-1] libcpanel-json-xs-perl security update
Index(es):
- Date
- Thread