GNU bug report logs - #41525
CVE-2020-12762: json-c

Previous Next

Package: guix;

Reported by: Lars-Dominik Braun <lars <at> 6xq.net>

Date: Mon, 25 May 2020 12:08:02 UTC

Severity: normal

Tags: security

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 41525 in the body.
You can then email your comments to 41525 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#41525; Package guix. (Mon, 25 May 2020 12:08:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Lars-Dominik Braun <lars <at> 6xq.net>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Mon, 25 May 2020 12:08:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Lars-Dominik Braun <lars <at> 6xq.net>
To: bug-guix <at> gnu.org
Subject: CVE-2020-12762: json-c
Date: Mon, 25 May 2020 14:06:47 +0200

Hi,

our package json-c is vulnerable to CVE-2020-12762[1]. Be careful when
applying the “fix”, since it broke a lot of packages on Ubuntu and
Gentoo[2] in the past week.

Lars

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-12762
[2] https://bugs.gentoo.org/722150
Added tag(s) security. Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Fri, 29 May 2020 14:38:02 GMT) Full text and rfc822 format available.
Reply sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:
You have taken responsibility. (Wed, 21 Oct 2020 04:28:02 GMT) Full text and rfc822 format available.
Notification sent to Lars-Dominik Braun <lars <at> 6xq.net>:
bug acknowledged by developer. (Wed, 21 Oct 2020 04:28:02 GMT) Full text and rfc822 format available.

Message #12 received at 41525-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Lars-Dominik Braun <lars <at> 6xq.net>
Cc: 41525-done <at> debbugs.gnu.org
Subject: Re: bug#41525: CVE-2020-12762: json-c
Date: Wed, 21 Oct 2020 00:27:39 -0400

Hello,

Lars-Dominik Braun <lars <at> 6xq.net> writes:

> Hi,
>
> our package json-c is vulnerable to CVE-2020-12762[1]. Be careful when
> applying the “fix”, since it broke a lot of packages on Ubuntu and
> Gentoo[2] in the past week.
>
> Lars
>
> [1] https://nvd.nist.gov/vuln/detail/CVE-2020-12762
> [2] https://bugs.gentoo.org/722150

Thanks for the report!

This was fixed by Efraim on the 6th of August, with commit
10b40489742bdaa0d193c00dff1446b11c081f6a.

Closing,

Maxim
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 18 Nov 2020 12:24:05 GMT) Full text and rfc822 format available.
This bug report was last modified 3 years and 157 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.