-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3577-1 security@xxxxxxxxxx https://www.debian.org/security/ Alessandro Ghedini May 14, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : jansson CVE ID : CVE-2016-4425 Debian Bug : 823238 Gustavo Grieco discovered that jansson, a C library for encoding, decoding and manipulating JSON data, did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service (crash) via stack exhaustion, using crafted JSON data. For the stable distribution (jessie), this problem has been fixed in version 2.7-1+deb8u1. For the unstable distribution (sid), this problem has been fixed in version 2.7-5. We recommend that you upgrade your jansson packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJXN1f0AAoJEK+lG9bN5XPL6yMP/0rcvD6Leb575MxsRC1eq5oL NrwgqJ/x6kE96jHBYYcM8Ra+riJnNCLF1gcbX2vp/xBYbKPR63RvHKLm3J8BEc+j Hb3m+7joxf+JXkuKaPR51cm7sKQ6rWIKydd87KEXr1Iiam5a5MUfFJpHLkUvihZ9 TQAKSztIJumxlZKdIYH+0A7TghoeczPcioqDfRJ14kE9hwh4d+qnL0r/CYwGS88Q Zor0Zi4OWhHCU2BPzNLSN1qXRvOTgPRd/+bKrJHxbAY8UCyd7b+BDk9NWX9nkdfZ AoSYvLtPEQeGI8j0YZ9tzXKHX9E/WSWOrnPn0p1tn9qFvvAJpe/ev4/SooLD1a1O 2MyY77cattsX+LAHAZdsqasOzvd5EuIB9/kiwJ3tSfWjj9o08zjGH8hvp6vGeM+a EUfZfc7AyW+l6glxJ9n3Njf1w1JjyYW6X2NfPEo47EQLYngtDCHS1E3Qg2ZscEen DsTKTc2GrYrQqDylfZUTWUD+pVKp1itarYq5pT6Bwfm+Oul7PHnGS+eDW1DexCUk dBedSuOMm3yiBwDI/bscGUMz8EnAJt8+86IhGa+76DByI7EFA54g7SyYFI4y68Ir b2FqnRcT17JhMo+P6/5CchnZdYzwVfN9u/tlLX1JKpY0u5f2oQQia56iYdF7rtwg LP8qraUYeK60btbLYmpO =pQ8j -----END PGP SIGNATURE-----