Your message dated Fri, 3 Jan 2025 13:25:02 +0000 with message-id <z3fllqvqb-o_w...@inutil.org> and subject line Re: epics-base: CVE-2023-33460 has caused the Debian Bug report #1059316, regarding epics-base: CVE-2023-33460 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1059316: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059316 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: epics-base X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for yajl, which is embedded by epics-base: CVE-2023-33460[0]: | There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse | function. which will cause out-of-memory in server and cause crash. https://github.com/lloyd/yajl/issues/250 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-33460 https://www.cve.org/CVERecord?id=CVE-2023-33460 Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---On Fri, Jan 03, 2025 at 01:06:54PM +0100, Santiago Vila wrote: > tags 1089319 help > thanks > > Hi. I planned to include a fix for this in an upload today, > and to my surprise I found that the available patches > not only do not apply cleanly, they do not apply at all! I had a closer look, turns out the embedded/forked copy of yajl is actually so old, that epics-base isn't affected. Closing. Cheers, Moritz
--- End Message ---
-- debian-science-maintainers mailing list debian-science-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
