Debian-LTS alert DLA-471-1 (jansson)
From: Markus Koschany <apo@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 471-1] jansson security update
Date: Fri, 13 May 2016 19:09:17 +0200
Message-ID: <57360A3D.9020707@debian.org>

Package        : jansson
Version        : 2.3.1-2+deb7u1
CVE ID         : CVE-2016-4425
Debian Bug     : 823238

Applications that depend on Jansson, a C library for encoding, decoding
and manipulating JSON data, could crash due to stack exhaustion while
parsing a JSON file. This was caused by an unlimited parsing depth when
parsing JSON arrays and is now fixed by limiting the depth to 2048.

For Debian 7 "Wheezy", this problem has been fixed in version
2.3.1-2+deb7u1.

We recommend that you upgrade your jansson packages.
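
The kind of depth limit the advisory describes, shown as an added example that is not Jansson's code and not part of the original advisory: a recursive parser for nested arrays that refuses input once nesting passes 2048. The names parser_t, parse_array, check_nesting and nested_result are hypothetical, and the parser handles only nested arrays.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 2048 /* the limit the advisory states */

/* Hypothetical minimal parser state: accepts only nested arrays, e.g. [[],[[]]]. */
typedef struct { const char *p, *end; size_t depth; } parser_t;

/* Returns 0 on success, -1 on syntax error, -2 when nesting exceeds MAX_DEPTH. */
static int parse_array(parser_t *ps)
{
    if (ps->p == ps->end || *ps->p != '[') return -1;
    if (++ps->depth > MAX_DEPTH) return -2; /* refuse before recursing deeper */
    ps->p++;
    if (ps->p < ps->end && *ps->p == ']') { ps->p++; ps->depth--; return 0; }
    for (;;) {
        int rc = parse_array(ps); /* one stack frame per nesting level */
        if (rc != 0) return rc;
        if (ps->p == ps->end) return -1;
        if (*ps->p == ',') { ps->p++; continue; }
        if (*ps->p == ']') { ps->p++; ps->depth--; return 0; }
        return -1;
    }
}

int check_nesting(const char *buf, size_t len)
{
    parser_t ps = { buf, buf + len, 0 };
    int rc = parse_array(&ps);
    return (rc == 0 && ps.p != ps.end) ? -1 : rc; /* reject trailing bytes */
}

/* Constructed input: n opening brackets followed by n closing brackets. */
int nested_result(size_t n)
{
    char *buf = malloc(2 * n);
    if (buf == NULL) return -3;
    memset(buf, '[', n);
    memset(buf + n, ']', n);
    int rc = check_nesting(buf, 2 * n);
    free(buf);
    return rc;
}

int main(void)
{
    printf("%d %d %d\n", nested_result(2048), nested_result(2049), nested_result(1000000));
    return 0;
}
```

Without the MAX_DEPTH check, recursion depth would follow the input's nesting and stack use would be controlled by whoever supplies the file; with it, stack use is bounded by a constant.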