Package "yajl"
| Name: |
yajl
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- Yet Another JSON Library - development files
- Yet Another JSON Library - library documentation
- Yet Another JSON Library
|
| Latest version: |
2.1.0-3ubuntu0.22.04.1 |
| Release: |
jammy (22.04) |
| Level: |
updates |
| Repository: |
main |
Links
Other versions of "yajl" in Jammy
Packages in group
Deleted packages are displayed in grey.
Changelog
|
yajl (2.1.0-3ubuntu0.22.04.1) jammy-security; urgency=medium
* SECURITY UPDATE: buffer overread in yajl_string_decode function
- debian/patches/CVE-2017-16516.patch: don't advance our end pointer until
we've checked we have enough buffer left and that the unicode escape is
approaching.
- CVE-2017-16516
* SECURITY UPDATE: integer overflow leading to heap memory corruption when
processing large (~2GB) inputs
- debian/patches/CVE-2022-24795.patch: catch integer overflow and
terminate the process with abort().
- CVE-2022-24795
* SECURITY UPDATE: memory leak in yajl_tree_parse function
- debian/patches/CVE-2023-33460.patch: fix memory leak problems by
releasing requested memory in time.
- CVE-2023-33460
-- Fabian Toepfer <email address hidden> Thu, 14 Dec 2023 14:06:32 +0100
|
| CVE-2017-16516 |
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in |
| CVE-2022-24795 |
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow whi |
| CVE-2023-33460 |
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash. |
|
About
-
Send Feedback to @ubuntu_updates
