Debian alert DLA-4304-1 (cjson)

From:
             
 
Thorsten Alteholz <debian@alteholz.de>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 4304-1] cjson security update
Date:
             
 
Thu, 18 Sep 2025 15:14:55 +0000
Message-ID:
             
 
<c4bca275-b3f8-c167-9fcb-133eff4f2ea2@alteholz.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4304-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 18, 2025                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : cjson
Version        : 1.7.14-1+deb11u3
CVE ID         : CVE-2025-57052


It was discovered that cJSON, an ultralightweight JSON parser, performed
insufficient input sanitising, which could result in out-of-bounds
memory access.


For Debian 11 bullseye, this problem has been fixed in version
1.7.14-1+deb11u3.

We recommend that you upgrade your cjson packages.

For the detailed security status of cjson please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cjson

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmjMIe9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdP1RAAhkYa2+9NyWRQNE5++r6b0haJZvgCu1+9Nqjaid7ZxOQ5wPniuLBmqrWT
DyVpb+udgOLHbr3pDVLDr8ptJ0/bNEaG21XF6VhCRFNrKVdD+5l5B1ijMbNcGbDj
CWwK8Re8wVE+ZCQMznzT5ROf7BPBOILMzwuB4ETNjKEhxpXg58zEZIQje4O1GeAN
v+R4ctj5KBedMfoCfV0t7FxbBDQ9usS/frAziBmGI7oSPoBGELYXkCBQH1XwbVqJ
KyMt6+SJ11Pp5zjy9RzpIT6RDGFU4DpREjVb1k/1PZcDhW0Djvpr5l9GLaT3GIWI
A6jHeSiUWNkgCSJapScU/n70xR/OlOSDU4FWotT3WsQnlVX7+pbhn4LLfkHqfr92
U4/xAkyzaCrSKR4zC0Sql42n7Evc0koHiilnXCZ7jgounSSBEz9YBovjPJgPZKlG
kY6QwOf1c/YE1W8urT04zL4ACnEIIfcSG6DQ1nxOMqhFj7XcdnrocCg3mjFVUNRr
v2hsI4JY6qqJriKhHhle20FaCRr4gHIJU0ksXOxpU2Lwk0N1saN9sIisAJqPdbez
2sEvFo9zVcgwH3wNcC6sV1X3gULLSI4efDLkhb0ZI2LyRi0m9/YnpUAN/VW4BwIn
96rqU07LI8hkL3+W1xDni3tl22anT1BsSnrZvN2SI15xwMSpBs0=
=/sr1
-----END PGP SIGNATURE-----