* SECURITY UPDATE: denial of service via hash collision (LP: #1311397)
- debian/patches/0001-Patch-to-address-the-following-issues.patch:
Upstream patch to enable hash randomization.
- CVE-2013-6371
* SECURITY UPDATE: denial of service via buffer overflow (LP: #1311397)
- debian/patches/0001-Patch-to-address-the-following-issues.patch:
Upstream patch to guard against negative and maximum buffer sizes.
- CVE-2013-6370
json-c (0.11-4) unstable; urgency=low
* Add upstream patch to fix two security vulnerabilities (Closes: #744008)
+ [CVE-2013-6371]: hash collision denial of service
+ [CVE-2013-6370]: buffer overflow if size_t is larger than int
-- Dimitri John Ledkov <email address hidden> Wed, 23 Apr 2014 01:12:44 +0100
This bug was fixed in the package json-c - 0.11-4ubuntu1
---------------
json-c (0.11-4ubuntu1) utopic; urgency=medium
* SECURITY UPDATE: denial of service via hash collision (LP: #1311397) patches/ 0001-Patch- to-address- the-following- issues. patch: patches/ 0001-Patch- to-address- the-following- issues. patch:
- debian/
Upstream patch to enable hash randomization.
- CVE-2013-6371
* SECURITY UPDATE: denial of service via buffer overflow (LP: #1311397)
- debian/
Upstream patch to guard against negative and maximum buffer sizes.
- CVE-2013-6370
json-c (0.11-4) unstable; urgency=low
* Add upstream patch to fix two security vulnerabilities (Closes: #744008)
+ [CVE-2013-6371]: hash collision denial of service
+ [CVE-2013-6370]: buffer overflow if size_t is larger than int
-- Dimitri John Ledkov <email address hidden> Wed, 23 Apr 2014 01:12:44 +0100