Your message dated Sun, 05 Mar 2023 00:49:02 +0000
with message-id <e1pycyg-00gs6w...@fasolo.debian.org>
and subject line Bug#1011616: fixed in golang-github-tidwall-gjson 1.14.4-1
has caused the Debian Bug report #1011616,
regarding golang-github-tidwall-gjson: CVE-2021-42248 allows attackers to cause 
a redos via crafted JSON input
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1011616: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011616
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: golang-github-tidwall-gjson
Version: 1.6.7-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team 
<t...@security.debian.org>

Hi,

The following vulnerability was published for golang-github-tidwall-gjson.

CVE-2021-42248[0]:
| GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON
| input.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-42248
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42248

Please adjust the affected versions in the BTS as needed.


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.17.0-2-amd64 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message ---
Source: golang-github-tidwall-gjson
Source-Version: 1.14.4-1
Done: Cyril Brulebois <cy...@debamax.com>

We believe that the bug you reported is fixed in the latest version of
golang-github-tidwall-gjson, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1011...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cyril Brulebois <cy...@debamax.com> (supplier of updated 
golang-github-tidwall-gjson package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 05 Mar 2023 01:34:13 +0100
Source: golang-github-tidwall-gjson
Architecture: source
Version: 1.14.4-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org>
Changed-By: Cyril Brulebois <cy...@debamax.com>
Closes: 1000225 1011616
Changes:
 golang-github-tidwall-gjson (1.14.4-1) experimental; urgency=medium
 .
   * New upstream release.
   * Security fixes (ReDoS – regular expression denial of service):
      - CVE-2021-42248 (Closes: #1011616).
      - CVE-2021-42836 (Closes: #1000225).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
