CVE-2020-12762: json-c

Lars-Dominik Braun wrote on 25 May 2020 14:06

Recipients:(address . bug-guix@gnu.org)

Message-ID:20200525120647.GA1428@noor.fritz.box

Hi,
our package json-c is vulnerable to CVE-2020-12762[1]. Be careful whenapplying the “fix”, since it broke a lot of packages on Ubuntu andGentoo[2] in the past week.
Lars
[1] https://nvd.nist.gov/vuln/detail/CVE-2020-12762[2] https://bugs.gentoo.org/722150

Ludovic Courtès wrote on 29 May 2020 16:37

control message for bug #41525

Recipients:(address . control@debbugs.gnu.org)

Message-ID:87tuzy3izc.fsf@gnu.org

tags 41525 + securityquit

Maxim Cournoyer wrote on 21 Oct 2020 06:27

Re: bug#41525: CVE-2020-12762: json-c

Recipients:(name . Lars-Dominik Braun)(address . lars@6xq.net)(address . 41525-done@debbugs.gnu.org)

Message-ID:875z74430k.fsf@gmail.com

Hello,
Lars-Dominik Braun <lars@6xq.net> writes:

Toggle quote (11 lines)> Hi,>> our package json-c is vulnerable to CVE-2020-12762[1]. Be careful when> applying the “fix”, since it broke a lot of packages on Ubuntu and> Gentoo[2] in the past week.>> Lars>> [1] https://nvd.nist.gov/vuln/detail/CVE-2020-12762> [2] https://bugs.gentoo.org/722150

Thanks for the report!
This was fixed by Efraim on the 6th of August, with commit10b40489742bdaa0d193c00dff1446b11c081f6a.
Closing,
Maxim

Closed

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date