Package "json-c"

Name: json-c


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • JSON manipulation library - shared library
  • JSON manipulation library - debug symbols
  • JSON manipulation library - development files

Latest version: 0.9-1ubuntu1.4
Release: precise (12.04)
Level: updates
Repository: main


Other versions of "json-c" in Precise

Repository Area Version
base main 0.9-1ubuntu1
security main 0.9-1ubuntu1.4

Packages in group

Deleted packages are displayed in grey.


Version: 0.9-1ubuntu1.4 2021-05-03 15:06:26 UTC

  json-c (0.9-1ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: Integer overflows
    - debian/patches/CVE-2020-12762-*.patch: fix a series of
      integer overflows adding checks in linkhash.c, printbuf.c,
      also adds the fix for the INT_MAX regression caused in
      previous update.
    - CVE-2020-12762

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 27 May 2020 11:26:22 -0300

Source diff to previous version
CVE-2020-12762 json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Version: 0.9-1ubuntu1.1 2014-06-12 18:06:43 UTC

  json-c (0.9-1ubuntu1.1) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via buffer overflow (LP: #1311397)
    - debian/patches/CVE-2013-6370.patch: check lengths and add warnings to
    - CVE-2013-6370
  * SECURITY UPDATE: denial of service via hash collision (LP: #1311397)
    - debian/patches/CVE-2013-6371.patch: added better random seed and hash
      functions to Makefile.am, config.h.in, linkhash.c, random_seed.*,
    - debian/{control,rules}: build with autoreconf
    - CVE-2013-6371
 -- Marc Deslauriers <email address hidden> Tue, 03 Jun 2014 15:22:22 -0400

1311397 json-c: CVE-2013-6370 CVE-2013-6371
CVE-2013-6370 Buffer overflow in the printbuf APIs in json-c before 0.12 allows ...
CVE-2013-6371 The hash functionality in json-c before 0.12 allows context-dependent ...

About   -   Send Feedback to @ubuntu_updates