[ubuntu/focal-security] yajl 2.1.0-3ubuntu0.20.04.1 (Accepted)
Fabian Toepfer
fabian.toepfer at canonical.com
Thu Dec 14 15:29:01 UTC 2023
yajl (2.1.0-3ubuntu0.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: buffer overread in yajl_string_decode function
- debian/patches/CVE-2017-16516.patch: don't advance our end pointer until
we've checked we have enough buffer left and that the unicode escape is
approaching.
- CVE-2017-16516
* SECURITY UPDATE: integer overflow leading to heap memory corruption when
processing large (~2GB) inputs
- debian/patches/CVE-2022-24795.patch: catch integer overflow and
terminate the process with abort().
- CVE-2022-24795
* SECURITY UPDATE: memory leak in yajl_tree_parse function
- debian/patches/CVE-2023-33460.patch: fix memory leak problems by
releasing requested memory in time.
- CVE-2023-33460
Date: 2023-12-14 13:28:25.453703+00:00
Changed-By: Fabian Toepfer <fabian.toepfer at canonical.com>
https://launchpad.net/ubuntu/+source/yajl/2.1.0-3ubuntu0.20.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list