Your message dated Mon, 11 Jan 2021 09:28:18 +0000 with message-id <e1kytuo-000bw4...@fasolo.debian.org> and subject line Bug#977622: fixed in golang-github-tidwall-gjson 1.6.7-1 has caused the Debian Bug report #977622, regarding golang-github-tidwall-gjson: CVE-2020-35380 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 977622: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977622 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: golang-github-tidwall-gjson Version: 1.1.5-2 Severity: important Tags: security upstream Forwarded: https://github.com/tidwall/gjson/issues/192 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for golang-github-tidwall-gjson. CVE-2020-35380[0]: | GJSON before 1.6.4 allows attackers to cause a denial of service via | crafted JSON. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-35380 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35380 [1] https://github.com/tidwall/gjson/issues/192 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: golang-github-tidwall-gjson Source-Version: 1.6.7-1 Done: Thorsten Alteholz <deb...@alteholz.de> We believe that the bug you reported is fixed in the latest version of golang-github-tidwall-gjson, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 977...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thorsten Alteholz <deb...@alteholz.de> (supplier of updated golang-github-tidwall-gjson package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 10 Jan 2021 16:01:30 +0000 Source: golang-github-tidwall-gjson Architecture: source Version: 1.6.7-1 Distribution: unstable Urgency: medium Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org> Changed-By: Thorsten Alteholz <deb...@alteholz.de> Closes: 977622 Changes: golang-github-tidwall-gjson (1.6.7-1) unstable; urgency=medium . * New upstream release 1.6.7 * Fix for: - CVE-2020-36067 - CVE-2020-36066 at least v1.0.3 of golang-github-tidwall-match is required - CVE-2020-35380 (Closes: #977622) * Add myself as uploader * debian/control: add missing Depends: golang-github-tidwall-pretty-dev * debian/control: use dh13 * debian/control: bump standard to 4.5.1 (no changes) * reverse dependencies successfully built with ratt: - golang-github-tidwall-buntdb - golang-github-tidwall-grect - wuzz - garagemq - g10k Checksums-Sha1: f2b24fe9b76fd5cf8382e1a239ffb4b5eb1f68cc 2532 golang-github-tidwall-gjson_1.6.7-1.dsc 6cdfd07b1b3956137e69b795d470f9ab2b12f5e9 52035 golang-github-tidwall-gjson_1.6.7.orig.tar.gz 76b2c38f57c38def7c09435e9d0b2e7bcc324b9b 2520 golang-github-tidwall-gjson_1.6.7-1.debian.tar.xz e76cb62f9eb00b4d1ee723a4f5d53143b6531ddb 6786 golang-github-tidwall-gjson_1.6.7-1_amd64.buildinfo Checksums-Sha256: ce5649ad1aded9f7f373e8ae0f399f3629afc4e994540493fb55e96e796a8b51 2532 golang-github-tidwall-gjson_1.6.7-1.dsc 26dbae82e871df9a578a73412227d7602d9c875dcfb3ece0156eebabda468877 52035 golang-github-tidwall-gjson_1.6.7.orig.tar.gz 55b0c2b620a15a949efd7712cee921feacc8a9708bd1f799a7c0bddf8678c1d7 2520 golang-github-tidwall-gjson_1.6.7-1.debian.tar.xz 0ac4a8b387cd9398a71c68b8d3de151567d86c3d1494f9828810309e54b67ed8 6786 golang-github-tidwall-gjson_1.6.7-1_amd64.buildinfo Files: 3ee348a45f8b7a57cdf6f02661aa9672 2532 devel optional golang-github-tidwall-gjson_1.6.7-1.dsc c4927c6b21ed1db8a288d1125dce645e 52035 devel optional golang-github-tidwall-gjson_1.6.7.orig.tar.gz 3f3aba646fd8eb0700cdb4cf84005413 2520 devel optional golang-github-tidwall-gjson_1.6.7-1.debian.tar.xz d151deb4b8449566b3b80c1ddd1134b3 6786 devel optional golang-github-tidwall-gjson_1.6.7-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl/7LRdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYRwAuD/9tZ0JEUEeJlnSzqDVvDPoz94ePzIz5 cwToism2X+aXF3pnqQmkgsrzjugZCdMTOvKcAH47BFurFBpLnJ4Pg8yW5ro0l4X+ B0Sjp8RYyyibmEfg4CNbrwWZNObt26NLAOuHewwh5ClUn5VmPSYhZo/YIn+C/sQ3 LRsinjbQDC+CzzUz3JyfMet9ypB/TY2C4VHwZYBl2vLm1f6awamqR01CiGOd3Ku5 T2n/mSgYC+ojlbvOcqZWtk0j/Gjt/ET0BQmv5edaaUrWqZVIWtnEsEgFKqXyHHA2 wVJHCLACMOzB1D9ZxZHNSogpHcPBW41qO8WbGuC6Dfr0rhYZ+JJ0BJCh/cDYmHkr aHWUkEtlqn05ahKaVMKxm/+j294p9s9fVNP47Ih/NK8WmJWtdqHSjowpnzCH0Eo7 2SacNQLBL2KVk/RmQWKeVCuWAim9TfVPSkinlCQ76XCx0TUDuWZwlArF9h53/iTG O8c+A551OHkhof8Bdek6Qh17MM3F9UKW9QYXp/eqVs5i6CJFkn6wYF2CCU3Jb7ip dUfol4PdguTP4Olfzp66WdHCWkmDsnoLpW3mLsCKRouPMnfSlZiRJhL35HGqiBOa oWuDcYZVUvTDR27C3jd9gWiCo1YOXMnToaYcAGBD0sEny/cZ5hMXxvENic9vh7p0 aF6QogVEkjuh4A== =TA9e -----END PGP SIGNATURE-----
--- End Message ---
