Your message dated Mon, 11 Nov 2024 21:02:33 +0100
with message-id <ZzJi2RokqkmAZYSI@pisco.westfalen.local>
and subject line Re: r-cran-jsonlite: CVE-2023-33460
has caused the Debian Bug report #1059317,
regarding r-cran-jsonlite: CVE-2023-33460
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1059317: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059317
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: r-cran-jsonlite
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerability was published for yajl, which is embedded
by r-cran-jsonlite:

CVE-2023-33460[0]:
| There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse
| function. which will cause out-of-memory in server and cause crash.

https://github.com/lloyd/yajl/issues/250

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-33460
    https://www.cve.org/CVERecord?id=CVE-2023-33460

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Version: 1.8.8+dfsg-1

On Fri, Dec 22, 2023 at 02:54:28PM +0100, Moritz Mühlenhoff wrote:
> Source: r-cran-jsonlite
> X-Debbugs-CC: t...@security.debian.org
> Severity: normal
> Tags: security
> 
> Hi,
> 
> The following vulnerability was published for yajl, which is embedded
> by r-cran-jsonlite:
> 
> CVE-2023-33460[0]:
> | There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse
> | function. which will cause out-of-memory in server and cause crash.
> 
> https://github.com/lloyd/yajl/issues/250

This got fixed in
https://github.com/jeroen/jsonlite/commit/ce9520f888c2339b48565fcc5ffecc85091e589e
which is part of v1.8.8.

Cheers,
        Moritz

--- End Message ---
