Your message dated Sat, 22 Jun 2024 13:19:50 +0000
with message-id <e1sl0ek-005rai...@fasolo.debian.org>
and subject line Bug#1071742: fixed in cjson 1.7.18-1
has caused the Debian Bug report #1071742,
regarding cjson: CVE-2024-31755
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1071742: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071742
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cjson
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for cjson.

CVE-2024-31755[0]:
| cJSON v1.7.17 was discovered to contain a segmentation violation,
| which can trigger through the second parameter of function
| cJSON_SetValuestring at cJSON.c.

https://github.com/DaveGamble/cJSON/issues/839
https://github.com/DaveGamble/cJSON/pull/840
https://github.com/DaveGamble/cJSON/commit/7e4d5dabe7a9b754c601f214e65b544e67ba9f59


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-31755
    https://www.cve.org/CVERecord?id=CVE-2024-31755

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: cjson
Source-Version: 1.7.18-1
Done: Maytham Alsudany <maytha8the...@gmail.com>

We believe that the bug you reported is fixed in the latest version of
cjson, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1071...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Maytham Alsudany <maytha8the...@gmail.com> (supplier of updated cjson package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 21 Jun 2024 21:36:20 +0800
Source: cjson
Architecture: source
Version: 1.7.18-1
Distribution: unstable
Urgency: medium
Maintainer: Maytham Alsudany <maytha8the...@gmail.com>
Changed-By: Maytham Alsudany <maytha8the...@gmail.com>
Closes: 1067510 1071742
Changes:
 cjson (1.7.18-1) unstable; urgency=medium
 .
   * Adopt package (Closes: #1067510)
   * New upstream version 1.7.18
     * Includes fix for CVE-2024-31755 (Closes: #1071742)
   * Add Build-Depends-Package to d/libcjson1.symbols
   * Add autopkgtest suite running upstream's tests
   * Bump Standards-Version to 4.7.0 (no changes)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
