-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Jul 2023 19:55:30 +0200
Source: yajl
Binary: libyajl-dev libyajl2 libyajl2-dbgsym yajl-tools yajl-tools-dbgsym
Architecture: i386
Version: 2.1.0-3+deb11u2
Distribution: bullseye
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) <buildd_amd64-x86-ubc-02@buildd.debian.org>
Changed-By: Tobias Frost <tobi@debian.org>
Description:
 libyajl-dev - Yet Another JSON Library - development files
 libyajl2   - Yet Another JSON Library
 yajl-tools - Yet Another JSON Library - tools
Closes: 1039984 1040036
Changes:
 yajl (2.1.0-3+deb11u2) bullseye; urgency=medium
 .
   [Tobias Frost]
   * Non-maintainer upload.
   * Cherry pick John's CVE fixes from 2.1.0-4 and 2.1.0-5:
    - CVE-2017-16516: Potential in a denial of service with crafted JSON
      file
    - CVE-2022-24795: integer overflow which leads to subsequent heap
      memory corruption when dealing with large (~2GB) inputs.
    - CVE-2023-33460: memory leak which potentially can lead to a out-of-
      memory situation and cause a crash.
 .
   [John Stamp]
   * Patch CVE-2017-16516 and CVE-2022-24795 (Closes: #1040036)
   * The patch for CVE-2023-33460 turned out to be incomplete. Fix that. (Closes: #1039984)
Checksums-Sha1:
 6e04893ea70f4326fdc885416e9f619a049f06eb 34800 libyajl-dev_2.1.0-3+deb11u2_i386.deb
 911bdd725c39f38cf4e24b3549e38614b88e6d5c 36660 libyajl2-dbgsym_2.1.0-3+deb11u2_i386.deb
 f9f190c2f9ed18fd514bc374b4fc6c3185a438fd 25548 libyajl2_2.1.0-3+deb11u2_i386.deb
 75b6aae05f84e6d7fd6a330421817c767962ccdf 12120 yajl-tools-dbgsym_2.1.0-3+deb11u2_i386.deb
 51f1d12b642ffa4bec6663dcbf2213a45bb88e1b 14776 yajl-tools_2.1.0-3+deb11u2_i386.deb
 6d11af3247fa07bea96de342e18e8f850c485c96 7953 yajl_2.1.0-3+deb11u2_i386-buildd.buildinfo
Checksums-Sha256:
 2715101e98bb4f66d9faf019c5216de0c9d0a98386d972ac33be7bf91178dfeb 34800 libyajl-dev_2.1.0-3+deb11u2_i386.deb
 57168b00c4f111a6747312a56ff36898d981f21f3efcb37326c26fc427ae7b3b 36660 libyajl2-dbgsym_2.1.0-3+deb11u2_i386.deb
 af401687ddcab3f909d403ebe0252d46a77636e6023eb2a6cc6d16ca6593be8b 25548 libyajl2_2.1.0-3+deb11u2_i386.deb
 804e5365e758a0be217f99ff95bb414e578d8e1de08d77c3823c94a337518753 12120 yajl-tools-dbgsym_2.1.0-3+deb11u2_i386.deb
 b880a2c6ab0c27d1504bef913e50d396dfcd516da85155d49cc30dc7b18a2721 14776 yajl-tools_2.1.0-3+deb11u2_i386.deb
 8398d1a54aae52b03142aaf8e94b7c7ac6581301e22686220d2e31075ffb93c5 7953 yajl_2.1.0-3+deb11u2_i386-buildd.buildinfo
Files:
 88d54c76516b75d9f3df2fb8f4e26bb7 34800 libdevel optional libyajl-dev_2.1.0-3+deb11u2_i386.deb
 1aa2221d2d594d89e0ef79d0dd5d74a7 36660 debug optional libyajl2-dbgsym_2.1.0-3+deb11u2_i386.deb
 e3a8013ea7f0f5348c6bd9e65844aea5 25548 libs optional libyajl2_2.1.0-3+deb11u2_i386.deb
 7d0f33472c372c4996a6c24d1aada1db 12120 debug optional yajl-tools-dbgsym_2.1.0-3+deb11u2_i386.deb
 0344e546555631c0aa266603b73e94e4 14776 utils optional yajl-tools_2.1.0-3+deb11u2_i386.deb
 f3f6d6c189a77ec168960a2484076a47 7953 libs optional yajl_2.1.0-3+deb11u2_i386-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEJyRdn7p9tGRfxctAots23/koc0EFAmS+4t4ACgkQots23/ko
c0G6AA/7BMVCe0W8SjRFtwUTHmtAwDxzB/9nj2hzKmeHg47B1ZkIyQ1ovaZQbxmS
9XxM2Tct+v60IKDYA/XnOGqjQq4x5op2Pl1Vm/DH+ZOiHRsPq0ROWbE5nld7s/63
AEyNpkbyHgqbgG0n2/MOJL5pG4cufBBqMhbWbnDg2HoZ5Jybq88uZtGoU8ddzCbz
4Up55txGatYcDdJC5E1aKotNKlYqufIIWnzSoDB3Lx57Hp/X9GNQfQ4sK3Xp+bnK
0XQpHgGA3eMSnOMSjN+5Nkqbb+c8aNZvqwq/Gjbt3rOWCKJtQwC9z3xlf5Er7BL3
DvmiewjTyxG/jUAxAvm1lHwm1jGymHL500fb57qFpfd04x6c1Ln3RSqLFBjokzys
OfQYZjfjpv12MAE4hX5U4DawBxnSuGMtqKbZlHn3sPAv2pxjWA9ifz9ZpRYKoNOi
cdSnwOKDh5cJHWCq9K5m/ki1SlXuqRMR1IoYjdIFKBNdt2wwI1fLu/M0zGTJ5GBa
r239BCXbhNrS4JRILyX3t7PreC/YigZ2tm+hp99Np31E+gPJNGQAN9z3GorSgfKY
L4SF/Yl9YpkiqNSp9CRVmeRJ9hYJUUnfzZUPL5+K8z+t2Og8TJ6iE0sdLKXR4grA
g0PmhQ+m0JRpUxtwwg+UCtLb40HsEAqI/awXrYAP/63HGbgZeXM=
=oCTV
-----END PGP SIGNATURE-----