Your message dated Fri, 25 Apr 2025 08:55:11 +0000
with message-id <e1u8epz-004fds...@fasolo.debian.org>
and subject line Bug#1083185: fixed in rapidjson 1.1.0+dfsg2-7.4
has caused the Debian Bug report #1083185,
regarding rapidjson: CVE-2024-38517
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1083185: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083185
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rapidjson
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for rapidjson.
CVE-2024-38517[0]:
| Tencent RapidJSON is vulnerable to privilege escalation due to an
| integer underflow in the `GenericReader::ParseNumber()` function of
| `include/rapidjson/reader.h` when parsing JSON text from a stream.
| An attacker needs to send the victim a crafted file which needs to
| be opened; this triggers the integer underflow vulnerability (when
| the file is parsed), leading to elevation of privilege.
https://github.com/Tencent/rapidjson/pull/1261
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-38517
https://www.cve.org/CVERecord?id=CVE-2024-38517
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: rapidjson
Source-Version: 1.1.0+dfsg2-7.4
Done: Bastian Germann <b...@debian.org>
We believe that the bug you reported is fixed in the latest version of
rapidjson, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1083...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Germann <b...@debian.org> (supplier of updated rapidjson package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Fri, 25 Apr 2025 10:12:00 +0200
Source: rapidjson
Architecture: source
Version: 1.1.0+dfsg2-7.4
Distribution: unstable
Urgency: medium
Maintainer: Alexander GQ Gerasiov <g...@debian.org>
Changed-By: Bastian Germann <b...@debian.org>
Closes: 1083185
Changes:
rapidjson (1.1.0+dfsg2-7.4) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix CVE-2024-38517 with upstream patch. (Closes: #1083185)
--- End Message ---