-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-4975 2014-04-14 21:53:59 --------------------------------------------------------------------------------
Name : json-c Product : Fedora 19 Version : 0.11 Release : 6.fc19 URL : https://github.com/json-c/json-c/wiki Summary : A JSON implementation in C Description : JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON formatted strings and parse JSON formatted strings back into the C representation of JSON objects.
-------------------------------------------------------------------------------- Update Information:
Address CVE-2013-6370 and CVE-2013-6371. -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 9 2014 Susi Lehtola jussilehtola@fedoraproject.org - 0.11-7 - Address CVE-2013-6371 and CVE-2013-6370 (BZ #1085676 and #1085677). - Enabled rdrand support. * Mon Feb 10 2014 Susi Lehtola jussilehtola@fedoraproject.org - 0.11-6 - Bump spec. * Sat Dec 21 2013 Ville Skyttä ville.skytta@iki.fi - 0.11-5 - Run test suite during build. - Drop empty NEWS from docs. * Tue Sep 10 2013 Susi Lehtola jussilehtola@fedoraproject.org - 0.11-4 - Remove default warning flags so that package builds on EPEL as well. * Sat Aug 24 2013 Remi Collet remi@fedoraproject.org - 0.11-3 - increase parser strictness for php * Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.11-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1032311 - CVE-2013-6371 json-c: hash collision DoS https://bugzilla.redhat.com/show_bug.cgi?id=1032311 [ 2 ] Bug #1032322 - CVE-2013-6370 json-c: buffer overflow if size_t is larger than int https://bugzilla.redhat.com/show_bug.cgi?id=1032322 --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update json-c' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org