CVE-2020-12762: json-c

DoneSubmitted by Lars-Dominik Braun.
Details
3 participants
  • Lars-Dominik Braun
  • Ludovic Courtès
  • Maxim Cournoyer
Owner
unassigned
Severity
normal
L
L
Lars-Dominik Braun wrote on 25 May 2020 14:06
(address . bug-guix@gnu.org)
20200525120647.GA1428@noor.fritz.box
Hi,
our package json-c is vulnerable to CVE-2020-12762[1]. Be careful whenapplying the “fix”, since it broke a lot of packages on Ubuntu andGentoo[2] in the past week.
Lars
[1] https://nvd.nist.gov/vuln/detail/CVE-2020-12762[2] https://bugs.gentoo.org/722150
L
L
Ludovic Courtès wrote on 29 May 2020 16:37
control message for bug #41525
(address . control@debbugs.gnu.org)
87tuzy3izc.fsf@gnu.org
tags 41525 + securityquit
M
M
Maxim Cournoyer wrote on 21 Oct 2020 06:27
Re: bug#41525: CVE-2020-12762: json-c
(name . Lars-Dominik Braun)(address . lars@6xq.net)(address . 41525-done@debbugs.gnu.org)
875z74430k.fsf@gmail.com
Hello,
Lars-Dominik Braun <lars@6xq.net> writes:
Toggle quote (11 lines)> Hi,>> our package json-c is vulnerable to CVE-2020-12762[1]. Be careful when> applying the “fix”, since it broke a lot of packages on Ubuntu and> Gentoo[2] in the past week.>> Lars>> [1] https://nvd.nist.gov/vuln/detail/CVE-2020-12762> [2] https://bugs.gentoo.org/722150
Thanks for the report!
This was fixed by Efraim on the 6th of August, with commit10b40489742bdaa0d193c00dff1446b11c081f6a.
Closing,
Maxim
Closed
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send email to 41525@debbugs.gnu.org