[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-5072/libjson-java
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Dec 14 16:27:31 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8f212837 by Salvatore Bonaccorso at 2024-12-14T17:27:04+01:00
Track fixed version for CVE-2023-5072/libjson-java
libjson-java has related changes due to
https://github.com/kordamp/json-lib/issues/58 . These are included in
v3.1.0 upstream and all tests from
https://github.com/stleary/JSON-java/commit/dbb113176b143b519ad0a50b033a9997cc2248fe#diff-44caf7c2d0dfa560c6786c818cd109f6e891474ea8e1226bf08a583282160325R2260
do validae with v3.1.0 upstream.
Thanks: Pierre Gruet
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -110256,7 +110256,7 @@ CVE-2023-5555 (Cross-site Scripting (XSS) - Generic in GitHub repository frappe/
CVE-2023-5554 (Lack of TLS certificate verification in log transmission of a financia ...)
NOT-FOR-US: LINE
CVE-2023-5072 (Denial of Service in JSON-Java versions up to and including 20230618. ...)
- - libjson-java <unfixed> (bug #1053882)
+ - libjson-java 3.1.0+dfsg-1 (bug #1053882)
[bookworm] - libjson-java <no-dsa> (Minor issue, revisit when fixed upstream)
[bullseye] - libjson-java <no-dsa> (Minor issue)
[buster] - libjson-java <no-dsa> (Minor issue)
@@ -110274,6 +110274,7 @@ CVE-2023-5072 (Denial of Service in JSON-Java versions up to and including 2023
NOTE: https://github.com/stleary/JSON-java/commit/dbb113176b143b519ad0a50b033a9997cc2248fe (20231013)
NOTE: https://github.com/stleary/JSON-java/commit/16967f322ee65c301b48fa79bb681e38896fd212 (20231013)
NOTE: https://github.com/stleary/JSON-java/commit/661114c50dcfd53bb041aab66f14bb91e0a87c8a (20231013)
+ NOTE: https://github.com/kordamp/json-lib/issues/58
CVE-2023-5046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Procost
CVE-2023-5045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f2128371b6c0b7f5abf531db258c2cd9823fb85
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f2128371b6c0b7f5abf531db258c2cd9823fb85
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241214/4dbdfd0e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list