Format: 1.8
Date: Tue, 21 May 2024 01:38:17 +0200
Source: json-smart
Architecture: source
Version: 2.2-2+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Debian Java Maintainers
Changed-By: Andreas Beckmann
Closes: 1033474 1039985
Changes:
 json-smart (2.2-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm. (Closes: #1039985)
 .
 json-smart (2.2-2+deb11u1) bullseye; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bullseye. (Closes: #1039985)
 .
 json-smart (2.2-2+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2023-1370: stack overflow due to excessive recursion
     When reaching a '[' or '{' character in the JSON input, the code
     parses an array or an object respectively. It was discovered that the
     code does not have any limit to the nesting of such arrays or
     objects. Since the parsing of nested arrays and objects is done
     recursively, nesting too many of them can cause a stack exhaustion
     (stack overflow) and crash the software. (Closes: #1033474)
   * CVE-2021-31684: Fix indexOf
     A vulnerability was discovered in the indexOf function of
     JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a
     denial of service (DOS) via a crafted web request.