From: Julien Olivain via buildroot
To: Peter Korsgaard
Cc: buildroot@buildroot.org
Date: Tue, 16 Sep 2025 20:53:47 +0200
Subject: Re: [Buildroot] [PATCH] package/cjson: security bump to version 1.7.19

On 16/09/2025 11:31, Peter Korsgaard wrote:
> Fixes the following security issue:
>
> CVE-2025-57052: cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via
> the decode_array_index_from_pointer function in cJSON_Utils.c, allowing
> remote attackers to bypass array bounds checking and access restricted data
> via malformed JSON pointer strings containing alphanumeric characters
>
> https://nvd.nist.gov/vuln/detail/CVE-2025-57052
> https://x-0r.com/posts/cJSON-Array-Index-Parsing-Vulnerability
> https://github.com/DaveGamble/cJSON/commit/74e1ff4994aa4139126967f6d289b675b4b36fef
> https://github.com/DaveGamble/cJSON/releases/tag/v1.7.19
>
> Signed-off-by: Peter Korsgaard

Applied to master, thanks.
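
Added example, not part of the original message and not cJSON's or Buildroot's code: a strict decoder for one JSON Pointer array-index token, showing the kind of validation the CVE description above concerns, where tokens that mix digits with other characters and indexes past the end of the array are rejected. The function name `decode_array_index_strict` and the sample tokens are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not cJSON's API): decode one JSON Pointer reference
 * token as an array index. The token ends at '/' or at the terminating NUL. */
static bool decode_array_index_strict(const char *token, size_t array_size,
                                      size_t *index_out)
{
    size_t value = 0;
    size_t pos = 0;
    if (token == NULL || index_out == NULL) {
        return false;
    }
    /* A leading zero is only valid when the token is exactly "0". */
    if (token[0] == '0' && token[1] != '\0' && token[1] != '/') {
        return false;
    }
    /* Every character of the token must be a decimal digit. */
    for (; token[pos] >= '0' && token[pos] <= '9'; pos++) {
        size_t digit = (size_t)(token[pos] - '0');
        if (value > (SIZE_MAX - digit) / 10) {
            return false; /* accumulating this digit would overflow size_t */
        }
        value = value * 10 + digit;
    }
    /* Reject an empty token and any trailing non-digit such as "1a". */
    if (pos == 0 || (token[pos] != '\0' && token[pos] != '/')) {
        return false;
    }
    if (value >= array_size) {
        return false; /* index is outside the array */
    }
    *index_out = value;
    return true;
}

int main(void)
{
    /* Constructed sample tokens, checked against an array of 3 elements. */
    const char *tokens[] = { "0", "2", "2/name", "3", "1a", "a1", "01", "" };
    for (size_t i = 0; i < sizeof tokens / sizeof tokens[0]; i++) {
        size_t idx = 0;
        bool ok = decode_array_index_strict(tokens[i], 3, &idx);
        printf("%-8s -> %s\n", tokens[i], ok ? "accepted" : "rejected");
    }
    return 0;
}
```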