CVE-2020-12762: json-c

Done

Details

3 participants

Lars-Dominik Braun
Ludovic Courtès
Maxim Cournoyer

Owner: unassigned

Submitted by: Lars-Dominik Braun

Severity: normal

Lars-Dominik Braun wrote on 25 May 2020 14:06

Recipients:(address . bug-guix@gnu.org)

Message-ID:20200525120647.GA1428@noor.fritz.box

Hi,

our package json-c is vulnerable to CVE-2020-12762[1]. Be careful when

applying the “fix”, since it broke a lot of packages on Ubuntu and

Gentoo[2] in the past week.

Lars

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-12762

[2] https://bugs.gentoo.org/722150

Ludovic Courtès wrote on 29 May 2020 16:37

control message for bug #41525

Recipients:(address . control@debbugs.gnu.org)

Message-ID:87tuzy3izc.fsf@gnu.org

tags 41525 + security

quit

Maxim Cournoyer wrote on 21 Oct 2020 06:27

Re: bug#41525: CVE-2020-12762: json-c

Recipients:(name . Lars-Dominik Braun)(address . lars@6xq.net)(address . 41525-done@debbugs.gnu.org)

Message-ID:875z74430k.fsf@gmail.com

Hello,

Lars-Dominik Braun <lars@6xq.net> writes:

Toggle quote (11 lines)> Hi,
>
> our package json-c is vulnerable to CVE-2020-12762[1]. Be careful when
> applying the “fix”, since it broke a lot of packages on Ubuntu and
> Gentoo[2] in the past week.
>
> Lars
>
> [1] https://nvd.nist.gov/vuln/detail/CVE-2020-12762
> [2] https://bugs.gentoo.org/722150

Thanks for the report!

This was fixed by Efraim on the 6th of August, with commit

10b40489742bdaa0d193c00dff1446b11c081f6a.

Closing,

Maxim

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 41525@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date