Source: cjson X-Debbugs-CC: [email protected] Severity: normal Tags: security
Hi, The following vulnerabilities were published for cjson. They appear to be rather bogus and not cross any security boundaries, please doublecheck: CVE-2023-50471[0]: | cJSON v1.7.16 was discovered to contain a segmentation violation via | the function cJSON_InsertItemInArray at cJSON.c. https://github.com/DaveGamble/cJSON/issues/802 Fixed by: https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8 CVE-2023-50472[1]: | cJSON v1.7.16 was discovered to contain a segmentation violation via | the function cJSON_SetValuestring at cJSON.c. https://github.com/DaveGamble/cJSON/issues/803 Fixed by: https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8 If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-50471 https://www.cve.org/CVERecord?id=CVE-2023-50471 [1] https://security-tracker.debian.org/tracker/CVE-2023-50472 https://www.cve.org/CVERecord?id=CVE-2023-50472 Please adjust the affected versions in the BTS as needed.

