Debian alert DSA-5999-1 (libjson-xs-perl)

From:
             
 
Salvatore Bonaccorso <carnil@debian.org>
To:
             
 
debian-security-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DSA 5999-1] libjson-xs-perl security update
Date:
             
 
Thu, 11 Sep 2025 19:41:40 +0000
Message-ID:
             
 
<E1uwnAq-00GiOx-0A@seger.debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5999-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 11, 2025                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libjson-xs-perl
CVE ID         : CVE-2025-40928

Michael Hudak discovered a flaw in libjson-xs-perl, a module for
manipulating JSON-formatted data. An integer buffer overflow causing a
segfault when parsing specially crafted JSON, may allow an attacker to
mount a denial-of-service attack or cause other unspecified impact.

For the oldstable distribution (bookworm), this problem has been fixed
in version 4.040-1~deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 4.040-1~deb13u1.

We recommend that you upgrade your libjson-xs-perl packages.

For the detailed security status of libjson-xs-perl please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libjson-xs-perl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmjDJVpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Q+ow/6A6OmsHkzbwjmXB3HidHnMoWg7O0jq65OQniphjC1j+EGKgDAsIXhI2eT
l4oZDUQVpZGHY9HpagYWS7/mcuGmDT2PmV3/c5vR6nXGoKEus+2XrgpxPKX3Q/2w
I383yGBDoG0QwSvwhWaiZtDz0ZiSvgEeuMUQPNi/+Pyi/mnXnjHGWdh5Nybl621R
l+v3aVRpfdEiYA+vwQWvpexGnkxgG2kYtcfcXikx+7B1k8DSJt+lKe6bWfZ8Tdag
+e0+WBywrESJuR50hgOpzW91myDdZK0Mdic8kP6OWvMBwj/JTCP6DydckxH++MPP
HkDDIdXX7Rn+32GF2tS4dVt5X9hBHZm1s0Rf5kr2YkuUPBGW2QcY4uF1hpbPeFIa
Ddp0LBdBvxPU4pfetsHWKOEuejuXAZQOTw7NE1YMMSUVMOS9JuM57yVOshuiW/o3
KBWw6WeM3tVHhuxWPz+MsCTsBABMlKGvWz+Zeo3a9XmEaD50JWO7lICtDtWN53C8
aUbLT0U7vi2bHnKS8vjVl220r6ONXcx78pASSEYCSlqFyMKM402u/VQsyYufB4Zd
tJ4YnZ5ANuKlFvpjeyjNZWtPxCmY0E7WPpiuug2WmiIX9/F4lNXaCl4V4qAhyp0B
WZsNcMxHOiRMfXnF3mAGC/cZ2Lk1D053KfVOssmoglbjdUsoGQQ=
=yIsc
-----END PGP SIGNATURE-----