[Git][security-tracker-team/security-tracker][master] Reserve DLA-4216-1 for cjson

Sun Jun 15 21:49:43 BST 2025


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a40f569 by Adrian Bunk at 2025-06-15T23:49:30+03:00
Reserve DLA-4216-1 for cjson

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -204343,7 +204343,6 @@ CVE-2023-26820 (siteproxy v1.0 was discovered to contain a path traversal vulner
 CVE-2023-26819 (cJSON 1.7.15 might allow a denial of service via a crafted JSON docume ...)
 	- cjson 1.7.18-3.1 (bug #1103687)
 	[bookworm] - cjson <no-dsa> (Minor issue)
-	[bullseye] - cjson <postponed> (Minor issue)
 	NOTE: https://github.com/boofish/json_bugs/tree/main/cjson
 	NOTE: Fixed by: https://github.com/DaveGamble/cJSON/commit/a328d65ad490b64da8c87523cbbfe16050ba5bf6
 CVE-2023-26818 (Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files,  ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[15 Jun 2025] DLA-4216-1 cjson - security update
+	{CVE-2023-26819 CVE-2023-53154}
+	[bullseye] - cjson 1.7.14-1+deb11u2
 [12 Jun 2025] DLA-4215-1 ublock-origin - security update
 	{CVE-2025-4215}
 	[bullseye] - ublock-origin 1.62.0+dfsg-0+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -73,10 +73,6 @@ ceph
   NOTE: 20241221: Liasing with maintainer. (lamby)
   NOTE: 20241231: Reviewing package with maintainer. (lamby)
 --
-cjson (Adrian Bunk)
-  NOTE: 20250609: Added by Front-Desk (rouca)
-  NOTE: 20250609: Fix CVE-2023-53154 (OoB write) and if possible postponed CVE-2023-26819 (DoS) (rouca/FD)
---
 ckeditor
   NOTE: 20241002: Added by Front-Desk (Beuc)
   NOTE: 20241002: Multiple CVEs have been piling up (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a40f569b6c19de71f5753b06bf2b88ae29562bb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a40f569b6c19de71f5753b06bf2b88ae29562bb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250615/9d516e5b/attachment-0001.htm>
