CVE-2020-12762: json-c

DoneSubmitted by Lars-Dominik Braun.
Details
3 participants
  • Lars-Dominik Braun
  • Ludovic Courtès
  • Maxim Cournoyer
Owner
unassigned
Severity
normal
L
L
Lars-Dominik Braun wrote on 25 May 2020 14:06
(address . bug-guix@gnu.org)
20200525120647.GA1428@noor.fritz.box
Hi,

our package json-c is vulnerable to CVE-2020-12762[1]. Be careful when
applying the “fix”, since it broke a lot of packages on Ubuntu and
Gentoo[2] in the past week.

Lars

L
L
Ludovic Courtès wrote on 29 May 2020 16:37
control message for bug #41525
(address . control@debbugs.gnu.org)
87tuzy3izc.fsf@gnu.org
tags 41525 + security
quit
M
M
Maxim Cournoyer wrote on 21 Oct 2020 06:27
Re: bug#41525: CVE-2020-12762: json-c
(name . Lars-Dominik Braun)(address . lars@6xq.net)(address . 41525-done@debbugs.gnu.org)
875z74430k.fsf@gmail.com
Hello,

Lars-Dominik Braun <lars@6xq.net> writes:

Toggle quote (11 lines)
> Hi,
>
> our package json-c is vulnerable to CVE-2020-12762[1]. Be careful when
> applying the “fix”, since it broke a lot of packages on Ubuntu and
> Gentoo[2] in the past week.
>
> Lars
>
> [1] https://nvd.nist.gov/vuln/detail/CVE-2020-12762
> [2] https://bugs.gentoo.org/722150

Thanks for the report!

This was fixed by Efraim on the 6th of August, with commit
10b40489742bdaa0d193c00dff1446b11c081f6a.

Closing,

Maxim
Closed
?
Your comment

This issue is archived.

To comment on this conversation send email to 41525@debbugs.gnu.org