-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-fb1e912d0e 2024-07-19 01:45:23.518882 -------------------------------------------------------------------------------- Name : rapidjson Product : Fedora 40 Version : 1.1.0 Release : 41.fc40 URL : http://rapidjson.org/ Summary : Fast JSON parser and generator for C++ Description : RapidJSON is a fast JSON parser and generator for C++. It was inspired by RapidXml. RapidJSON is small but complete. It supports both SAX and DOM style API. The SAX parser is only a half thousand lines of code. RapidJSON is fast. Its performance can be comparable to strlen(). It also optionally supports SSE2/SSE4.1 for acceleration. RapidJSON is self-contained. It does not depend on external libraries such as BOOST. It even does not depend on STL. RapidJSON is memory friendly. Each JSON value occupies exactly 16/20 bytes for most 32/64-bit machines (excluding text string). By default it uses a fast memory allocator, and the parser allocates memory compactly during parsing. RapidJSON is Unicode friendly. It supports UTF-8, UTF-16, UTF-32 (LE & BE), and their detection, validation and transcoding internally. For example, you can read a UTF-8 file and let RapidJSON transcode the JSON strings into UTF-16 in the DOM. It also supports surrogates and "\u0000" (null character). JSON(JavaScript Object Notation) is a light-weight data exchange format. RapidJSON should be in fully compliance with RFC4627/ECMA-404. -------------------------------------------------------------------------------- Update Information: Fix for CVE-2024-38517. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 10 2024 Tom Hughes <tom@xxxxxxxxxx> - 1.1.0-41 - Add patch for CVE-2024-38517 aka RHBZ#2296979 * Sun Feb 25 2024 Richard W.M. Jones <rjones@xxxxxxxxxx> - 1.1.0-28 - Bump and rebuild package (for riscv64) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2296979 - CVE-2024-38517 rapidjson: privilege escalation via integer underflow in GenericReader::ParseNumber() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2296979 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-fb1e912d0e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue