infinite loop in patched cJSON_Minify function
Bug #1934643 reported by
Gabriel Zachmann
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| cjson (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
Dear Maintainer,
Version 1.7.10-1.1 is the most recent version on focal. The last release included a patch for CVE-2019-11835 (issue #338 on
upstream). However, this patch introduced a bug in the patched function
cJSON_Minify (issue #354 on upstream). There is a (potential) infinite loop in
the relevant function. The issue has been fixed in commit
08d2bc766a82cd7
The fix is included in newer releases, so it is included on ubuntu groovy and newer.
I request to patch this issue on focal. The fix is very small (only two lines
of code).
The same issue arised on debian buster and the patch was applied (see https:/
Thanks for your help.
Revision history for this message
| Viet Tran (viettran) wrote | #1 |
Revision history for this message
| Gabriel Zachmann (gzachmann) wrote | #2 |
| Changed in cjson (Ubuntu): | |
| status: | New → Confirmed |
Revision history for this message
| Marcus H (marcvs) wrote | #3 |
To post a comment you must log in.
Please upgrade the library to fix the bug. It is a small bug but it causes showstopper issues in our software products. Thank you in advance.