Your message dated Sat, 25 May 2024 11:32:08 +0000
with message-id <e1sapda-00cxyt...@fasolo.debian.org>
and subject line Bug#1039985: fixed in json-smart 2.2-2+deb12u1
has caused the Debian Bug report #1039985,
regarding libjson-smart-java: buster-lts has a newer version than
bullseye/bookworm/sid
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1039985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039985
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libjson-smart-java
Version: 2.2-2
Severity: serious
Tags: bullseye bookworm trixie sid
User: debian...@lists.debian.org
Usertags: piuparts
X-Debbugs-Cc: Bastien Roucariès <ro...@debian.org>
Hi,
during a test with piuparts I noticed your package cannot be upgraded
from buster-lts to any newer release since buster-lts has a version
newer than any later release:
json-smart | 2.2-1         | stretch         | source
json-smart | 2.2-2         | buster          | source
json-smart | 2.2-2         | bullseye        | source
json-smart | 2.2-2         | bookworm        | source
json-smart | 2.2-2         | trixie          | source
json-smart | 2.2-2         | sid             | source
json-smart | 2.2-2+deb10u1 | buster-security | source
Andreas
--- End Message ---
--- Begin Message ---
Source: json-smart
Source-Version: 2.2-2+deb12u1
Done: Andreas Beckmann <a...@debian.org>
We believe that the bug you reported is fixed in the latest version of
json-smart, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1039...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated json-smart package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 21 May 2024 01:38:17 +0200
Source: json-smart
Architecture: source
Version: 2.2-2+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1033474 1039985
Changes:
 json-smart (2.2-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm. (Closes: #1039985)
 .
 json-smart (2.2-2+deb11u1) bullseye; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bullseye. (Closes: #1039985)
 .
 json-smart (2.2-2+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2023-1370: stack overflow due to excessive recursion
     When reaching a ‘[’ or ‘{’ character in the JSON input, the code
     parses an array or an object respectively. It was discovered that the
     code does not have any limit to the nesting of such arrays or
     objects. Since the parsing of nested arrays and objects is done
     recursively, nesting too many of them can cause a stack exhaustion
     (stack overflow) and crash the software. (Closes: #1033474)
   * CVE-2021-31684: Fix indexOf
     A vulnerability was discovered in the indexOf function of
     JSONParserByteArray in JSON Smart versions 1.3 and 2.4
     which causes a denial of service (DOS)
     via a crafted web request.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
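
The CVE-2023-1370 changelog entry above describes recursive parsing of `[` and `{` with no nesting limit. The following Java scanner is an added illustration, not json-smart's code or the Debian patch: it recurses on the same two characters but carries a depth counter, so over-nested input is rejected with an ordinary exception instead of exhausting the stack. The class name `DepthLimitedScan`, the method `accepts` and the value of `MAX_DEPTH` are assumptions made for this example.

```java
// Added example: hypothetical class, not json-smart's API or its actual patch (Java 11+).
public class DepthLimitedScan {
    static final int MAX_DEPTH = 400; // assumed cap, chosen for illustration
    private final String in;
    private int pos = 0;
    DepthLimitedScan(String in) { this.in = in; }

    /** True if the input is one well-formed value nested no deeper than MAX_DEPTH. */
    static boolean accepts(String json) {
        DepthLimitedScan s = new DepthLimitedScan(json);
        try { s.value(1); s.ws(); return s.pos == json.length(); }
        catch (IllegalArgumentException e) { return false; } // ordinary, catchable rejection
    }
    private void value(int depth) {
        ws();
        char c = peek();
        if (c == '[' || c == '{') { // the only two paths that recurse
            if (depth > MAX_DEPTH) throw new IllegalArgumentException("nesting too deep at offset " + pos);
            char close = (c == '[') ? ']' : '}';
            pos++; ws();
            if (peek() == close) { pos++; return; }
            while (true) {
                if (c == '{') { ws(); string(); ws(); expect(':'); } // object member key
                value(depth + 1);
                ws();
                if (peek() != ',') break;
                pos++;
            }
            expect(close);
        } else if (c == '"') {
            string();
        } else { // number, true, false, null: token spelling is not validated here
            int start = pos;
            while (pos < in.length() && ",]} \t\r\n".indexOf(in.charAt(pos)) < 0) pos++;
            if (pos == start) throw new IllegalArgumentException("value expected at offset " + pos);
        }
    }
    private void string() { // skips a quoted string, stepping over backslash escapes
        for (expect('"'); peek() != '"'; pos += (in.charAt(pos) == '\\') ? 2 : 1)
            if (pos >= in.length()) throw new IllegalArgumentException("unterminated string");
        pos++;
    }
    private char peek() { return pos < in.length() ? in.charAt(pos) : '\0'; }
    private void ws() { while (pos < in.length() && " \t\r\n".indexOf(in.charAt(pos)) >= 0) pos++; }
    private void expect(char c) {
        if (peek() != c) throw new IllegalArgumentException("expected " + c + " at offset " + pos);
        pos++;
    }
    public static void main(String[] args) {
        String deep = "[".repeat(100_000) + "]".repeat(100_000); // constructed sample input
        System.out.println(accepts("{\"a\": [1, {\"b\": null}]}") + " " + accepts(deep));
    }
}
```

Because the depth check runs before each recursive call, the deepest call chain is bounded by `MAX_DEPTH` regardless of input size, which is the property the unpatched parser lacked.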