Package: yajl / 2.1.0-3+deb12u2

Metadata

Package: yajl
Version: 2.1.0-3+deb12u2
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
dynamically link tools.patch

reformatter/CMakeLists.txt | 2 1 + 1 - 0 !
verify/CMakeLists.txt | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

---
multiarch.patch

src/CMakeLists.txt | 10 5 + 5 - 0 !
src/yajl.pc.cmake | 2 1 + 1 - 0 !
2 files changed, 6 insertions(+), 6 deletions(-)

---
CVE 2017 16516.patch

src/yajl_encode.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 fix for cve-2017-16516
 Potential buffer overread: A JSON file can cause denial of service.
CVE 2022 24795.patch

src/yajl_buf.c | 12 11 + 1 - 0 !
1 file changed, 11 insertions(+), 1 deletion(-)

 fix for cve-2022-24795
 An integer overflow will lead to heap memory corruption with large (~2GB) inputs.
CVE 2023 33460.patch

src/yajl_tree.c | 9 8 + 1 - 0 !
1 file changed, 8 insertions(+), 1 deletion(-)

 fix for cve-2023-33460a
 Memory leak in yajl 2.1.0 with use of yajl_tree_parse function
 See https://github.com/lloyd/yajl/issues/250#issuecomment-1628695214