[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 471-1] jansson security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : jansson
Version        : 2.3.1-2+deb7u1
CVE ID         : CVE-2016-4425
Debian Bug     : 823238


Applications that depend on Jansson, a C library for encoding,
decoding and manipulating JSON data, could crash due to stack
exhaustion while parsing a JSON file. This was caused due to an
unlimited parsing depth when parsing JSON arrays and is now fixed by
limiting the depth to 2048.

For Debian 7 "Wheezy", this problem has been fixed in version
2.3.1-2+deb7u1.

We recommend that you upgrade your jansson packages.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJXNgo8XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkehIP/0k/xpHU+mES/EeGnzmF8DYL
hYv1Gt343/4qc0b+VUsSUg/9ho35NYlyS+adcpVfkdZQJSSqTgaeMR3NhaH82asv
opSkiSwUs/3WRlV4gUr6jqfzfhGALBls8Q4PIuoUAZ8aLpVWEyECm1w4PBYQpF4P
y1FjwtcE5HTdc5fCEuJk7YhvHFQLMakvfkEq0Y8TArpY6mpBYH9wwKhslxNd78QA
fdg1s1t90fEZs5W/8HcNUk2r+SQpClGufGNl+2ydF78KnkZXlFSrfmHSXNHRNHje
DDscfI+WD07K1iFZPjVtACQpUuVqLV2wFjSzpZy5txR+iswA3w2NHAxZdgZGg/7I
WxsF/oxJz0yeCtzRkOhZbtBuYMpoVhF67wTWu+JHlUVTHTjuk2MsbMaYlxkkPT+V
Qi8S2vSFRo0wOmvV6zSeOT++YireS1YlDt8fapnlQQwApFmaC4lo0vUy8LB9c6Hq
W5LYmFMC1h2pWcBJCX4mIhyAgoTZPjmwmCwiC3ymeFikWBjIhRW5CWfksgvc1lvN
HTBmBQEGYqNHFaQFVNZ7k+oEI/6kTv81vPVylk/RdIpCH6Oh67QDlZz/p9b1Igtb
6WR4rlgpMuHdGD9Y6xm+5PMsa/mc13paEstr2pyx6uxd35qdgoUpH/xQB9q8Xj9g
IDyZquaHlcVpMrsMzxGp
=YYMi
-----END PGP SIGNATURE-----


Reply to: