UbuntuUpdates.org

Package "libjettison-java"

Name: libjettison-java

Description:

collection of StAX parsers and writers for JSON

Latest version: 1.4.0-1ubuntu0.20.04.1
Release: focal (20.04)
Level: updates
Repository: universe
Homepage: https://github.com/jettison-json/jettison


Other versions of "libjettison-java" in Focal

Repository Area Version
base universe 1.4.0-1
security universe 1.4.0-1ubuntu0.20.04.1

Changelog

Version: 1.4.0-1ubuntu0.20.04.1 2023-06-19 15:06:55 UTC

  libjettison-java (1.4.0-1ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2022-40149.patch: fixed a denial of service in
      nextClean function.
    - debian/patches/CVE-2022-40150-[1-5].patch: fixed multiple cases of
      denial of service from CVE-2022-40150, CVE-2022-45685, and
      CVE-2022-45693.
    - CVE-2022-40149
    - CVE-2022-40150
    - CVE-2022-45685
    - CVE-2022-45693

 -- Amir Naseredini <email address hidden> Thu, 15 Jun 2023 17:05:52 +0100

CVE-2022-40149 Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user suppl
CVE-2022-40150 Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user suppl
CVE-2022-45685 A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
CVE-2022-45693 Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Ser


