
it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 6001-1] cjson security update

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements

  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 6001-1] cjson security update
  • Date: Sun, 14 Sep 2025 18:37:15 +0000
  • List-archive: https://lists.debian.org/msgid-search/aMcLW3Kuzm7qaBNR AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Sun, 14 Sep 2025 18:37:35 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <1Y2qNd_FdBI.A.F9eL.utwxoB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6001-1                   security AT debian.org
https://www.debian.org/security/                          Moritz Muehlenhoff
September 14, 2025                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : cjson
CVE ID : CVE-2025-57052

It was discovered that cJSON, an ultralightweight JSON parser, performed
insufficient input sanitising, which could result in out-of-bounds
memory access.

For the oldstable distribution (bookworm), this problem has been fixed
in version 1.7.15-1+deb12u4.

For the stable distribution (trixie), this problem has been fixed in
version 1.7.18-3.1+deb13u1.

We recommend that you upgrade your cjson packages.

For the detailed security status of cjson please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cjson

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


