CVE-2020-12762: json-c

  • Done
  • quality assurance status badge
Details
3 participants
  • Lars-Dominik Braun
  • Ludovic Courtès
  • Maxim Cournoyer
Owner
unassigned
Submitted by
Lars-Dominik Braun
Severity
normal
L
L
L
Ludovic Courtès wrote on 29 May 2020 16:37
control message for bug #41525
(address . control@debbugs.gnu.org)
87tuzy3izc.fsf@gnu.org
tags 41525 + security
quit
M
M
Maxim Cournoyer wrote on 21 Oct 2020 06:27
Re: bug#41525: CVE-2020-12762: json-c
(name . Lars-Dominik Braun)(address . lars@6xq.net)(address . 41525-done@debbugs.gnu.org)
875z74430k.fsf@gmail.com
Hello,

Lars-Dominik Braun <lars@6xq.net> writes:

Toggle quote (11 lines)
> Hi,
>
> our package json-c is vulnerable to CVE-2020-12762[1]. Be careful when
> applying the “fix”, since it broke a lot of packages on Ubuntu and
> Gentoo[2] in the past week.
>
> Lars
>
> [1] https://nvd.nist.gov/vuln/detail/CVE-2020-12762
> [2] https://bugs.gentoo.org/722150

Thanks for the report!

This was fixed by Efraim on the 6th of August, with commit
10b40489742bdaa0d193c00dff1446b11c081f6a.

Closing,

Maxim
Closed
?