CVE-2020-12762: json-c

Lars-Dominik Braun wrote on 25 May 2020 14:06

Recipients:(address . bug-guix@gnu.org)

Message-ID:20200525120647.GA1428@noor.fritz.box

Hi,
our package json-c is vulnerable to CVE-2020-12762[1]. Be careful whenapplying the “fix”, since it broke a lot of packages on Ubuntu andGentoo[2] in the past week.
Lars
[1] https://nvd.nist.gov/vuln/detail/CVE-2020-12762[2] https://bugs.gentoo.org/722150

Ludovic Courtès wrote on 29 May 2020 16:37

control message for bug #41525

Recipients:(address . control@debbugs.gnu.org)

Message-ID:87tuzy3izc.fsf@gnu.org

tags 41525 + securityquit

Maxim Cournoyer wrote on 21 Oct 2020 06:27

Re: bug#41525: CVE-2020-12762: json-c

Recipients:(name . Lars-Dominik Braun)(address . lars@6xq.net)(address . 41525-done@debbugs.gnu.org)

Message-ID:875z74430k.fsf@gmail.com

Hello,
Lars-Dominik Braun <lars@6xq.net> writes:

Toggle quote (11 lines)> Hi,>> our package json-c is vulnerable to CVE-2020-12762[1]. Be careful when> applying the “fix”, since it broke a lot of packages on Ubuntu and> Gentoo[2] in the past week.>> Lars>> [1] https://nvd.nist.gov/vuln/detail/CVE-2020-12762> [2] https://bugs.gentoo.org/722150

Thanks for the report!
This was fixed by Efraim on the 6th of August, with commit10b40489742bdaa0d193c00dff1446b11c081f6a.
Closing,
Maxim

Closed

Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send email to 41525@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date