GNU bug report logs - #41525
CVE-2020-12762: json-c

Please note: This is a static page, with minimal formatting, updated once a day.

Package: guix; Reported by: Lars-Dominik Braun <lars@HIDDEN>; Keywords: security; dated Mon, 25 May 2020 12:08:02 UTC; Maintainer for guix is bug-guix@HIDDEN.
Added tag(s) security. Request was from Ludovic Courtès <ludo@HIDDEN> to control <at> debbugs.gnu.org.

Message received at submit <at> debbugs.gnu.org:


Date: Mon, 25 May 2020 14:06:47 +0200
From: Lars-Dominik Braun <lars@HIDDEN>
To: bug-guix@HIDDEN
Subject: CVE-2020-12762: json-c

Hi,

our package json-c is vulnerable to CVE-2020-12762[1]. Be careful when
applying the “fix”, since it broke a lot of packages on Ubuntu and
Gentoo[2] in the past week.

Lars

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-12762
[2] https://bugs.gentoo.org/722150





Acknowledgement sent to Lars-Dominik Braun <lars@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN.
Report forwarded to bug-guix@HIDDEN:
bug#41525; Package guix.
Last modified: Fri, 29 May 2020 14:45:01 UTC
