CVE-2017-16516 #248
Description: Fix for CVE-2017-16516
Potential buffer overread: A JSON file can cause denial of service.
Origin: brianmario/yajl-ruby@a8ca8f4
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040036
Bug: lloyd#248
Patch taken from Debian package source
Signed-off-by: Daniel P. Berrangé <[email protected]>
Description: Fix for CVE-2017-16516
Potential buffer overread: A JSON file can cause denial of service.
Origin: brianmario/yajl-ruby@a8ca8f4
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040036
Bug: lloyd#248
Patch taken from Debian package source
NB, Fedora code can't trigger the reported aborts since it passes the -DNDEBUG flag, but pulling the fix for robustness in case a future change enables the assert()s.
Signed-off-by: Daniel P. Berrangé <[email protected]>
I confirmed the problem affects git
Simply not passing The fix mentioned from |
…er left and have peeked ahead to see that a unicode escape is approaching.
Thanks @kivikakk for helping me track down the actual bug here!
Fixes: CVE-2017-16516
Origin: brianmario/yajl-ruby@a8ca8f4
Bug: lloyd/yajl#248
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040036
Potential buffer overread: A JSON file can cause denial of service.
Origin: brianmario/yajl-ruby@a8ca8f4
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040036
Bug: lloyd#248
Hello, yajl-ruby has a fix for CVE-2017-16516 that might be affecting yajl as well. Can you backport it? The commit is brianmario/yajl-ruby@a8ca8f4
Thanks!