Publishing details

• Published on 2023-12-14
• Copied from ubuntu focal in PPA for Ubuntu Security Proposed by Fabian Toepfer

Changelog

yajl (2.1.0-3ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: buffer overread in yajl_string_decode function
    - debian/patches/CVE-2017-16516.patch: don't advance our end pointer until
      we've checked we have enough buffer left and that the unicode escape is
      approaching.
    - CVE-2017-16516
  * SECURITY UPDATE: integer overflow leading to heap memory corruption when
    processing large (~2GB) inputs
    - debian/patches/CVE-2022-24795.patch: catch integer overflow and
      terminate the process with abort().
    - CVE-2022-24795
  * SECURITY UPDATE: memory leak in yajl_tree_parse function
    - debian/patches/CVE-2023-33460.patch: fix memory leak problems by
      releasing requested memory in time.
    - CVE-2023-33460

 -- Fabian Toepfer <email address hidden>  Thu, 14 Dec 2023 14:06:36 +0100

Builds

• amd64
• arm64
• armhf
• i386
• ppc64el
• riscv64
• s390x

Built packages

• libyajl-dev Yet Another JSON Library - development files

• libyajl-doc Yet Another JSON Library - library documentation

• libyajl2 Yet Another JSON Library

• libyajl2-dbgsym debug symbols for libyajl2

• yajl-tools Yet Another JSON Library - tools

• yajl-tools-dbgsym debug symbols for yajl-tools

Package files

• libyajl-dev_2.1.0-3ubuntu0.20.04.1_amd64.deb (25.6 KiB)
• libyajl-dev_2.1.0-3ubuntu0.20.04.1_arm64.deb (24.7 KiB)
• libyajl-dev_2.1.0-3ubuntu0.20.04.1_armhf.deb (22.7 KiB)
• libyajl-dev_2.1.0-3ubuntu0.20.04.1_i386.deb (27.5 KiB)
• libyajl-dev_2.1.0-3ubuntu0.20.04.1_ppc64el.deb (28.5 KiB)
• libyajl-dev_2.1.0-3ubuntu0.20.04.1_riscv64.deb (42.2 KiB)
• libyajl-dev_2.1.0-3ubuntu0.20.04.1_s390x.deb (24.5 KiB)
• libyajl-doc_2.1.0-3ubuntu0.20.04.1_all.deb (99.2 KiB)
• libyajl2-dbgsym_2.1.0-3ubuntu0.20.04.1_amd64.ddeb (40.4 KiB)
• libyajl2-dbgsym_2.1.0-3ubuntu0.20.04.1_arm64.ddeb (39.9 KiB)
• libyajl2-dbgsym_2.1.0-3ubuntu0.20.04.1_armhf.ddeb (39.9 KiB)
• libyajl2-dbgsym_2.1.0-3ubuntu0.20.04.1_i386.ddeb (35.4 KiB)
• libyajl2-dbgsym_2.1.0-3ubuntu0.20.04.1_ppc64el.ddeb (44.3 KiB)
• libyajl2-dbgsym_2.1.0-3ubuntu0.20.04.1_riscv64.ddeb (39.2 KiB)
• libyajl2-dbgsym_2.1.0-3ubuntu0.20.04.1_s390x.ddeb (40.1 KiB)
• libyajl2_2.1.0-3ubuntu0.20.04.1_amd64.deb (20.2 KiB)
• libyajl2_2.1.0-3ubuntu0.20.04.1_arm64.deb (19.4 KiB)
• libyajl2_2.1.0-3ubuntu0.20.04.1_armhf.deb (17.3 KiB)
• libyajl2_2.1.0-3ubuntu0.20.04.1_i386.deb (21.5 KiB)
• libyajl2_2.1.0-3ubuntu0.20.04.1_ppc64el.deb (22.7 KiB)
• libyajl2_2.1.0-3ubuntu0.20.04.1_riscv64.deb (17.8 KiB)
• libyajl2_2.1.0-3ubuntu0.20.04.1_s390x.deb (19.1 KiB)
• yajl-tools-dbgsym_2.1.0-3ubuntu0.20.04.1_amd64.ddeb (12.7 KiB)
• yajl-tools-dbgsym_2.1.0-3ubuntu0.20.04.1_arm64.ddeb (12.8 KiB)
• yajl-tools-dbgsym_2.1.0-3ubuntu0.20.04.1_armhf.ddeb (12.7 KiB)
• yajl-tools-dbgsym_2.1.0-3ubuntu0.20.04.1_i386.ddeb (11.9 KiB)
• yajl-tools-dbgsym_2.1.0-3ubuntu0.20.04.1_ppc64el.ddeb (12.9 KiB)
• yajl-tools-dbgsym_2.1.0-3ubuntu0.20.04.1_riscv64.ddeb (13.1 KiB)
• yajl-tools-dbgsym_2.1.0-3ubuntu0.20.04.1_s390x.ddeb (12.4 KiB)
• yajl-tools_2.1.0-3ubuntu0.20.04.1_amd64.deb (7.7 KiB)
• yajl-tools_2.1.0-3ubuntu0.20.04.1_arm64.deb (7.5 KiB)
• yajl-tools_2.1.0-3ubuntu0.20.04.1_armhf.deb (7.0 KiB)
• yajl-tools_2.1.0-3ubuntu0.20.04.1_i386.deb (7.7 KiB)
• yajl-tools_2.1.0-3ubuntu0.20.04.1_ppc64el.deb (7.8 KiB)
• yajl-tools_2.1.0-3ubuntu0.20.04.1_riscv64.deb (7.2 KiB)
• yajl-tools_2.1.0-3ubuntu0.20.04.1_s390x.deb (7.3 KiB)
• yajl_2.1.0-3ubuntu0.20.04.1.debian.tar.xz (6.9 KiB)
• yajl_2.1.0-3ubuntu0.20.04.1.dsc (2.1 KiB)
• yajl_2.1.0.orig.tar.gz (82.0 KiB)