From ${URL} : A vulnerability was found in jansson. Parsing a maliciously crafted JSON file could cause the application to crash. This crash is caused by stack exhaustion. References: http://seclists.org/oss-sec/2016/q2/181 External references: https://github.com/akheron/jansson/issues/282 Possible fix: https://github.com/akheron/jansson/pull/283 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know whether it is ready for stabilization or not.
fixed here: https://github.com/akheron/jansson/pull/284
commit fd6313631179bba8b0e2b9d9cedeadc2d2151ad1 Author: Lars <polynomial-c@gentoo.org> Date: Thu Nov 3 11:57:34 2016 dev-libs/jansson: Bump to version 2.9 (bug #598832) and to EAPI-6. Added multilib support (bug 570006). This release also fixes the security issue reported in bug #581954. Closes: https://github.com/gentoo/gentoo/pull/2728 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
GLSA Vote: No @arches, please stabilize.
CVE-2016-4425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4425): Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.
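As an added illustration of the failure mode described in the CVE text above (this is not code from jansson, from the fix PRs, or from this thread): a bounded, non-recursive depth check in C that rejects JSON text nesting deeper than a caller-chosen limit before the document ever reaches a recursive-descent parser. The depth limit of 2048 used in the example is an assumed value chosen here, not a figure taken from the page.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Returns 1 if `text` never nests arrays/objects deeper than max_depth,
 * 0 otherwise (also 0 on an unbalanced closing bracket). Brackets inside
 * string literals are ignored and backslash escapes are honoured, so a
 * string such as "[[[[" does not count as nesting. The scan is iterative:
 * its stack usage does not grow with input depth. */
int json_nesting_ok(const char *text, size_t max_depth)
{
    size_t depth = 0;
    int in_string = 0;
    for (const char *p = text; *p; p++) {
        if (in_string) {
            if (*p == '\\' && p[1] != '\0') p++;   /* skip the escaped char */
            else if (*p == '"') in_string = 0;
            continue;
        }
        switch (*p) {
        case '"': in_string = 1; break;
        case '[': case '{':
            if (++depth > max_depth) return 0;     /* too deep: reject early */
            break;
        case ']': case '}':
            if (depth == 0) return 0;              /* unbalanced close */
            depth--;
            break;
        default: break;
        }
    }
    return 1;
}

/* Constructed test input: n nested arrays, "[[[...]]]". Caller frees. */
char *make_nested(size_t n)
{
    char *buf = malloc(2 * n + 1);
    if (!buf) return NULL;
    memset(buf, '[', n);
    memset(buf + n, ']', n);
    buf[2 * n] = '\0';
    return buf;
}

int main(void)
{
    char *deep = make_nested(100000);          /* constructed deep payload */
    if (!deep) return 1;
    printf("100000 levels, limit 2048 -> %s\n",
           json_nesting_ok(deep, 2048) ? "accepted" : "rejected");
    free(deep);
    return 0;
}
```

The check is a front-end guard only; a parser still needs its own depth limit, since a pre-filter can be bypassed wherever the parser is reached by another path.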
amd64 stable
x86 stable
ppc64 stable
Stable on alpha.
arm stable
sparc stable
ppc stable
Stable for HPPA.
ia64 stable. Maintainer(s), please clean up.
Restoring whiteboard. Cleanup PR: https://github.com/gentoo/gentoo/pull/3546
Tree is clean.