from SecurityFocus Vulnerabilities http://ift.tt/1WA3Yid
-------------------------------------------------------------------------
Debian Security Advisory DSA-3577-1       security (at) debian (dot) org
http://ift.tt/1kZ5swi                                 Alessandro Ghedini
May 14, 2016                                       http://ift.tt/1S3Txy1
-------------------------------------------------------------------------

Package        : jansson
CVE ID         : CVE-2016-4425
Debian Bug     : 823238

Gustavo Grieco discovered that jansson, a C library for encoding,
decoding and manipulating JSON data, did not limit the recursion depth
when parsing JSON arrays and objects. This could allow remote attackers
to cause a denial of service (crash) via stack exhaustion, using crafted
JSON data.

For the stable distribution (jessie), this problem has been fixed in
version 2.7-1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 2.7-5.

We recommend that you upgrade your jansson packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://ift.tt/1kZ5swi

Mailing list: debian-security-announce (at) lists.debian (dot) org
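The missing recursion-depth limit described in the advisory can also be enforced in front of any recursive JSON parser. The following C code is an added example, not code from jansson or from the advisory; the function names and the MAX_NESTING value are assumptions chosen for illustration.

```c
#include <stddef.h>

/* Assumed limit for this example; pick one that fits your stack budget. */
#define MAX_NESTING 512

/* Return the deepest array/object nesting found in buf, or -1 if the
 * depth exceeds max_depth or a closer appears with nothing open.
 * Brackets inside JSON strings are ignored, including those that follow
 * a backslash-escaped quote. The scan is iterative, so the check itself
 * uses constant stack. It is a depth gate, not a JSON validator. */
long json_max_depth(const char *buf, size_t len, long max_depth)
{
    long depth = 0, deepest = 0;
    int in_string = 0, escaped = 0;

    for (size_t i = 0; i < len; i++) {
        char c = buf[i];
        if (in_string) {
            if (escaped)        escaped = 0;
            else if (c == '\\') escaped = 1;
            else if (c == '"')  in_string = 0;
            continue;
        }
        switch (c) {
        case '"':
            in_string = 1;
            break;
        case '[': case '{':
            if (++depth > max_depth)
                return -1;          /* too deep: reject before parsing */
            if (depth > deepest)
                deepest = depth;
            break;
        case ']': case '}':
            if (--depth < 0)
                return -1;          /* closer without a matching opener */
            break;
        }
    }
    return deepest;
}

/* Gate to call on untrusted input before handing it to the parser. */
int json_nesting_ok(const char *buf, size_t len)
{
    return json_max_depth(buf, len, MAX_NESTING) >= 0;
}
```

A pre-check like this is a stopgap for hosts that cannot be upgraded immediately; installing the fixed package versions named in the advisory remains the actual remedy.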