json-c: CVE-2013-6370 CVE-2013-6371
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
json-c (Debian) | Fix Released | Unknown | |
json-c (Ubuntu) | Fix Released | Undecided | Dimitri John Ledkov |

Bug Description
Imported from Debian bug http://
Source: json-c
Severity: important
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for json-c.
CVE-2013-6370[0]:
buffer overflow if size_t is larger than int
CVE-2013-6371[1]:
hash collision DoS
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
The upstream patch is at [2].
For further information see:
[0] http://
https:/
[1] http://
https:/
[2] https:/
Regards,
Salvatore
Changed in json-c (Debian):
importance: Undecided → Unknown
status: New → Fix Released
Changed in json-c (Ubuntu Trusty):
assignee: Dimitri John Ledkov (xnox) → nobody
status: In Progress → New
no longer affects: json-c (Ubuntu Precise)
no longer affects: json-c (Ubuntu Quantal)
no longer affects: json-c (Ubuntu Saucy)
no longer affects: json-c (Ubuntu Trusty)
Patch for trusty is attached, using such a version number since u-series are not open yet.