On 30.04.23 at 13:39, Florian Ernst wrote:
Source: libfastjson
Version: 0.99.9-2
Severity: normal
Tags: security patch
X-Debbugs-Cc: Debian Security Team <[email protected]>

Dear maintainer,

there is a new upstream release available (there were two, in fact, but only the latter seems complete) in which the release numbering changes but more importantly CVE-2020-12762 gets fixed[0]. According to upstream the latter "did not affect rsyslog use due to size limits"[1], and the Debian Security Tracker only lists it as affecting json-c[2].

Either way, it seems worthwhile fixing this, even (or especially) during this time of the Debian release cycle. I'll leave the decision on this (and the timing thereof) at your discretion, of course.

I've uploaded the new release to unstable. I don't plan to file an unblock request for bookworm, but I wouldn't object if you want to pursue this.
Michael

