Ubuntu
json-c package

  1. Bug #1311397
  2. Comment #4

Comment 4 for bug 1311397

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package json-c - 0.11-4ubuntu1

---------------
json-c (0.11-4ubuntu1) utopic; urgency=medium

  * SECURITY UPDATE: denial of service via hash collision (LP: #1311397)
    - debian/patches/0001-Patch-to-address-the-following-issues.patch:
    Upstream patch to enable hash randomization.
    - CVE-2013-6371
  * SECURITY UPDATE: denial of service via buffer overflow (LP: #1311397)
    - debian/patches/0001-Patch-to-address-the-following-issues.patch:
    Upstream patch to guard against negative and maximum buffer sizes.
    - CVE-2013-6370

json-c (0.11-4) unstable; urgency=low

  * Add upstream patch to fix two security vulnerabilities (Closes: #744008)
    + [CVE-2013-6371]: hash collision denial of service
    + [CVE-2013-6370]: buffer overflow if size_t is larger than int
 -- Dimitri John Ledkov <email address hidden> Wed, 23 Apr 2014 01:12:44 +0100