diff -Nru cjson-1.7.16/CHANGELOG.md cjson-1.7.17/CHANGELOG.md
--- cjson-1.7.16/CHANGELOG.md 2023-07-04 09:02:03.000000000 +0000
+++ cjson-1.7.17/CHANGELOG.md 2023-12-26 02:24:36.000000000 +0000
@@ -1,3 +1,29 @@
+1.7.17 (Dec 26, 2023) +====== +Fixes: +------ +* Fix null reference in cJSON_SetValuestring(CVE-2023-50472), see #809 +* Fix null reference in cJSON_InsertItemInArray(CVE-2023-50471), see #809 and #810 + +1.7.16 (Jul 5, 2023) +====== +Features: +------ +* Add an option for ENABLE_CJSON_VERSION_SO in CMakeLists.txt, see #534 +* Add cmake_policy to CMakeLists.txt, see #163 +* Add cJSON_SetBoolValue, see #639 +* Add meson documentation, see #761 + +Fixes: +------ +* Fix memory leak in merge_patch, see #611 +* Fix conflicting target names 'uninstall', see #617 +* Bump cmake version to 3.0 and use new version syntax, see #587 +* Print int without decimal places, see #630 +* Fix 'cjson_utils-static' target not exist, see #625 +* Add allocate check for replace_item_in_object, see #675 +* Fix a null pointer crash in cJSON_ReplaceItemViaPointer, see #726 + 1.7.15 (Aug 25, 2021) ====== Fixes:
diff -Nru cjson-1.7.16/CMakeLists.txt cjson-1.7.17/CMakeLists.txt
--- cjson-1.7.16/CMakeLists.txt 2023-07-04 09:02:03.000000000 +0000
+++ cjson-1.7.17/CMakeLists.txt 2023-12-26 02:24:36.000000000 +0000
@@ -2,7 +2,7 @@
cmake_minimum_required(VERSION 3.0) project(cJSON - VERSION 1.7.15 + VERSION 1.7.17 LANGUAGES C) cmake_policy(SET CMP0054 NEW) # set CMP0054 policy
diff -Nru cjson-1.7.16/CONTRIBUTORS.md cjson-1.7.17/CONTRIBUTORS.md
--- cjson-1.7.16/CONTRIBUTORS.md 2023-07-04 09:02:03.000000000 +0000
+++ cjson-1.7.17/CONTRIBUTORS.md 2023-12-26 02:24:36.000000000 +0000
@@ -10,8 +10,10 @@
Contributors: * [Ajay Bhargav](https://github.com/ajaybhargav) +* [AlexanderVasiljev](https://github.com/AlexanderVasiljev) * [Alper Akcan](https://github.com/alperakcan) * [Andrew Tang](https://github.com/singku) +* [Andy](https://github.com/mlh0101) * [Anton Sergeev](https://github.com/anton-sergeev) * [Benbuck Nason](https://github.com/bnason-nf) * [Bernt Johan Damslora](https://github.com/bjda)
@@ -29,20 +31,25 @@
* [Fabrice Fontaine](https://github.com/ffontaine) * Ian Mobley * Irwan Djadjadi +* [hopper-vul](https://github.com/hopper-vul) * [HuKeping](https://github.com/HuKeping) * [IvanVoid](https://github.com/npi3pak) * [Jakub Wilk](https://github.com/jwilk) * [Jiri Zouhar](https://github.com/loigu) * [Jonathan Fether](https://github.com/jfether) +* [Joshua Arulsamy](https://github.com/jarulsamy) * [Julian Ste](https://github.com/julian-st) * [Julián Vásquez](https://github.com/juvasquezg) +* [Junbo Zheng](https://github.com/Junbo-Zheng) * [Kevin Branigan](https://github.com/kbranigan) * [Kevin Sapper](https://github.com/sappo) * [Kyle Chisholm](https://github.com/ChisholmKyle) * [Linus Wallgren](https://github.com/ecksun) +* [MaxBrandtner](https://github.com/MaxBrandtner) * [Mateusz Szafoni](https://github.com/raiden00pl) * Mike Pontillo * [miaoerduo](https://github.com/miaoerduo) +* [mohawk2](https://github.com/mohawk2) * [Mike Jerris](https://github.com/mjerris) * [Mike Robinson](https://github.com/mhrobinson) * [Moorthy](https://github.com/moorthy-bs)
@@ -61,10 +68,14 @@
* [Romain Porte](https://github.com/MicroJoe) * [SANJEEV BA](https://github.com/basanjeev) * [Sang-Heon Jeon](https://github.com/lntuition) +* [Sayan Bandyopadhyay](https://github.com/saynb) * [Simon Sobisch](https://github.com/GitMensch) * [Simon Ricaldone](https://github.com/simon-p-r) +* [Stoian Ivanov](https://github.com/sdrsdr) +* [SuperH-0630](https://github.com/SuperH-0630) * [Square789](https://github.com/Square789) * [Stephan Gatzka](https://github.com/gatzka) +* [Tony Langhammer](https://github.com/BigBrainAFK) * [Vemake](https://github.com/vemakereporter) * [Wei Tan](https://github.com/tan-wei) * [Weston Schmidt](https://github.com/schmidtw)
@@ -73,6 +84,7 @@
* [yuta-oxo](https://github.com/yuta-oxo) * [Zach Hindes](https://github.com/zhindes) * [Zhao Zhixu](https://github.com/zhaozhixu) +* [10km](https://github.com/10km) And probably more people on [SourceForge](https://sourceforge.net/p/cjson/bugs/search/?q=status%3Aclosed-rejected+or+status%3Aclosed-out-of-date+or+status%3Awont-fix+or+status%3Aclosed-fixed+or+status%3Aclosed&page=0)
diff -Nru cjson-1.7.16/Makefile cjson-1.7.17/Makefile
--- cjson-1.7.16/Makefile 2023-07-04 09:02:03.000000000 +0000
+++ cjson-1.7.17/Makefile 2023-12-26 02:24:36.000000000 +0000
@@ -8,7 +8,7 @@
LDLIBS = -lm -LIBVERSION = 1.7.15 +LIBVERSION = 1.7.17 CJSON_SOVERSION = 1 UTILS_SOVERSION = 1
diff -Nru cjson-1.7.16/cJSON.c cjson-1.7.17/cJSON.c
--- cjson-1.7.16/cJSON.c 2023-07-04 09:02:03.000000000 +0000
+++ cjson-1.7.17/cJSON.c 2023-12-26 02:24:36.000000000 +0000
@@ -117,7 +117,7 @@
} /* This is a safeguard to prevent copy-pasters from using incompatible C and header files */ -#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 7) || (CJSON_VERSION_PATCH != 15) +#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 7) || (CJSON_VERSION_PATCH != 17) #error cJSON.h and cJSON.c have different versions. Make sure that both have the same. #endif
@@ -401,7 +401,12 @@
{ char *copy = NULL; /* if object's type is not cJSON_String or is cJSON_IsReference, it should not set valuestring */ - if (!(object->type & cJSON_String) || (object->type & cJSON_IsReference)) + if ((object == NULL) || !(object->type & cJSON_String) || (object->type & cJSON_IsReference)) + { + return NULL; + } + /* return NULL if the object is corrupted */ + if (object->valuestring == NULL) { return NULL; }
@@ -2264,7 +2269,7 @@
{ cJSON *after_inserted = NULL; - if (which < 0) + if (which < 0 || newitem == NULL) { return false; }
@@ -2275,6 +2280,11 @@
return add_item_to_array(array, newitem); } + if (after_inserted != array->child && after_inserted->prev == NULL) { + /* return false if after_inserted is a corrupted array item */ + return false; + } + newitem->next = after_inserted; newitem->prev = after_inserted->prev; after_inserted->prev = newitem;
diff -Nru cjson-1.7.16/cJSON.h cjson-1.7.17/cJSON.h
--- cjson-1.7.16/cJSON.h 2023-07-04 09:02:03.000000000 +0000
+++ cjson-1.7.17/cJSON.h 2023-12-26 02:24:36.000000000 +0000
@@ -81,7 +81,7 @@
/* project version */ #define CJSON_VERSION_MAJOR 1 #define CJSON_VERSION_MINOR 7 -#define CJSON_VERSION_PATCH 15 +#define CJSON_VERSION_PATCH 17 #include
diff -Nru cjson-1.7.16/debian/changelog cjson-1.7.17/debian/changelog
--- cjson-1.7.16/debian/changelog 2023-07-04 14:00:01.000000000 +0000
+++ cjson-1.7.17/debian/changelog 2024-01-16 08:30:34.000000000 +0000
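Review bot: In the `@@ -401,7 +401,12 @@` hunk of cJSON.c the new guards cover `object` and `object->valuestring`, but the replacement string supplied by the caller is not checked anywhere in the visible lines. The function continues below the hunk; if that code reads the string (a length comparison or a copy would), a NULL second argument still crashes in the same way as the two cases fixed here. I would extend the first condition with `(valuestring == NULL) ||` (parameter name assumed, the signature is outside the hunk). The two new assertions in the `@@ -427,10 +442,16 @@` hunk of tests/misc_tests.c never pass a NULL string, so `TEST_ASSERT_NULL(cJSON_SetValuestring(item, NULL));` belongs next to them.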
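Review bot: In the `@@ -2275,6 +2280,11 @@` hunk of cJSON.c the corruption test recognises only a non-head item whose `prev` is NULL; a `prev` that is non-NULL but stale passes it and is copied into `newitem->prev` in the context lines that follow. The comment should state that limit, for example `/* every item except the head must have a prev link; NULL means the list was changed outside the API (a dangling prev cannot be detected here) */`. The early `return false` leaves `newitem` with the caller, which is worth one line in the function's documentation so that callers checking the result know they still have to free it. The brace on the `if` line also differs from the brace-on-its-own-line style of the surrounding context and of the `@@ -2264,7 +2269,7 @@` hunk; the function starts and ends outside this hunk.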
@@ -1,9 +1,9 @@
-cjson (1.7.16-3myguard1~focal) focal; urgency=medium +cjson (1.7.17-3myguard1~focal) focal; urgency=medium * Full rebuild and backport from debian * See for more https://deb.myguard.nl - -- Thijs Eilander Tue, 04 Jul 2023 16:00:01 +0200 + -- Thijs Eilander Tue, 16 Jan 2024 09:30:34 +0100 cjson (1.7.15-1) unstable; urgency=medium
diff -Nru cjson-1.7.16/tests/misc_tests.c cjson-1.7.17/tests/misc_tests.c
--- cjson-1.7.16/tests/misc_tests.c 2023-07-04 09:02:03.000000000 +0000
+++ cjson-1.7.17/tests/misc_tests.c 2023-12-26 02:24:36.000000000 +0000
@@ -352,6 +352,19 @@
{ char buffer[10]; cJSON *item = cJSON_CreateString("item"); + cJSON *array = cJSON_CreateArray(); + cJSON *item1 = cJSON_CreateString("item1"); + cJSON *item2 = cJSON_CreateString("corrupted array item3"); + cJSON *corruptedString = cJSON_CreateString("corrupted"); + struct cJSON *originalPrev; + + add_item_to_array(array, item1); + add_item_to_array(array, item2); + + originalPrev = item2->prev; + item2->prev = NULL; + free(corruptedString->valuestring); + corruptedString->valuestring = NULL; cJSON_InitHooks(NULL); TEST_ASSERT_NULL(cJSON_Parse(NULL));
@@ -411,6 +424,8 @@
cJSON_DeleteItemFromObject(item, NULL); cJSON_DeleteItemFromObjectCaseSensitive(NULL, "item"); cJSON_DeleteItemFromObjectCaseSensitive(item, NULL); + TEST_ASSERT_FALSE(cJSON_InsertItemInArray(array, 0, NULL)); + TEST_ASSERT_FALSE(cJSON_InsertItemInArray(array, 1, item)); TEST_ASSERT_FALSE(cJSON_InsertItemInArray(NULL, 0, item)); TEST_ASSERT_FALSE(cJSON_InsertItemInArray(item, 0, NULL)); TEST_ASSERT_FALSE(cJSON_ReplaceItemViaPointer(NULL, item, item));
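Review bot: The setup added in the `@@ -352,6 +352,19 @@` hunk of tests/misc_tests.c releases `corruptedString->valuestring` with libc `free` before `cJSON_InitHooks(NULL)` has run, so it is correct only if the default allocator is still installed when this test starts. `cJSON_free(corruptedString->valuestring);` would release the string through the same hooks that allocated it. The new objects are also dereferenced (`item2->prev`, `corruptedString->valuestring`) without a check; a `TEST_ASSERT_NOT_NULL(...)` on each before first use turns an allocation failure into a reported test failure instead of a crash. The test function begins before and ends after this hunk.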
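Review bot: `TEST_ASSERT_FALSE(cJSON_InsertItemInArray(array, 1, item));` in the `@@ -411,6 +424,8 @@` hunk depends on `item2->prev` having been cleared in the setup at the top of the function, and nothing at the call site says so. A comment such as `/* index 1 is item2, whose prev was set to NULL above: insertion must be rejected */` makes the expected failure readable where it is asserted. The added cases are all rejections; a success case that inserts a fresh item at index 0 would also pin the head exemption (`after_inserted != array->child`) in the new library check.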
@@ -427,10 +442,16 @@
TEST_ASSERT_NULL(cJSON_Duplicate(NULL, true)); TEST_ASSERT_FALSE(cJSON_Compare(item, NULL, false)); TEST_ASSERT_FALSE(cJSON_Compare(NULL, item, false)); + TEST_ASSERT_NULL(cJSON_SetValuestring(NULL, "test")); + TEST_ASSERT_NULL(cJSON_SetValuestring(corruptedString, "test")); cJSON_Minify(NULL); /* skipped because it is only used via a macro that checks for NULL */ /* cJSON_SetNumberHelper(NULL, 0); */ + /* restore corrupted item2 to delete it */ + item2->prev = originalPrev; + cJSON_Delete(corruptedString); + cJSON_Delete(array); cJSON_Delete(item); }