—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-3577-1 security@debian.org
https://www.debian.org/security/ Alessandro Ghedini
May 14, 2016 https://www.debian.org/security/faq
– ————————————————————————-

Package : jansson
CVE ID : CVE-2016-4425
Debian Bug : 823238

Gustavo Grieco discovered that jansson, a C library for encoding,
decoding and manipulating JSON data, did not limit the recursion depth
when parsing JSON arrays and objects. This could allow remote attackers
to cause a denial of service (crash) via stack exhaustion, using crafted
JSON data.

For the stable distribution (jessie), this problem has been fixed in
version 2.7-1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 2.7-5.

We recommend that you upgrade your jansson packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJXN1f0AAoJEK+lG9bN5XPL6yMP/0rcvD6Leb575MxsRC1eq5oL
NrwgqJ/x6kE96jHBYYcM8Ra+riJnNCLF1gcbX2vp/xBYbKPR63RvHKLm3J8BEc+j
Hb3m+7joxf+JXkuKaPR51cm7sKQ6rWIKydd87KEXr1Iiam5a5MUfFJpHLkUvihZ9
TQAKSztIJumxlZKdIYH+0A7TghoeczPcioqDfRJ14kE9hwh4d+qnL0r/CYwGS88Q
Zor0Zi4OWhHCU2BPzNLSN1qXRvOTgPRd/+bKrJHxbAY8UCyd7b+BDk9NWX9nkdfZ
AoSYvLtPEQeGI8j0YZ9tzXKHX9E/WSWOrnPn0p1tn9qFvvAJpe/ev4/SooLD1a1O
2MyY77cattsX+LAHAZdsqasOzvd5EuIB9/kiwJ3tSfWjj9o08zjGH8hvp6vGeM+a
EUfZfc7AyW+l6glxJ9n3Njf1w1JjyYW6X2NfPEo47EQLYngtDCHS1E3Qg2ZscEen
DsTKTc2GrYrQqDylfZUTWUD+pVKp1itarYq5pT6Bwfm+Oul7PHnGS+eDW1DexCUk
dBedSuOMm3yiBwDI/bscGUMz8EnAJt8+86IhGa+76DByI7EFA54g7SyYFI4y68Ir
b2FqnRcT17JhMo+P6/5CchnZdYzwVfN9u/tlLX1JKpY0u5f2oQQia56iYdF7rtwg
LP8qraUYeK60btbLYmpO
=pQ8j
—–END PGP SIGNATURE—–