FEDORA-EPEL-2022-1026769ad3 — security update for python-ujson

stable

python-ujson-5.4.0-1.el9

FEDORA-EPEL-2022-1026769ad3 created by music a year ago for Fedora EPEL 9

Security fix for CVE-2022-31116 and CVE-2022-31117.

5.4.0

Added

Add support for arbitrary size integers

Fixed

CVE-2022-31116: Replace wchar_t string decoding implementation with a uint32_t-based one; fix handling of surrogates on decoding
CVE-2022-31117: Potential double free of buffer during string decoding
Fix memory leak on encoding errors when the buffer was resized
Integer parsing: always detect overflows
Fix handling of surrogates on encoding

This update has been submitted for testing by music.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Builds

python-ujson-5.4.0-1.el9

Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

a year ago

in testing

a year ago

in stable

a year ago

BZ#2103379 python-ujson-5.4.0 is available

BZ#2104739 CVE-2022-31117 python-ujson: Potential double free of buffer during string decoding

BZ#2104740 CVE-2022-31116 python-ujson: improper decoding of escaped surrogate characters may lead to string corruption, key confusion or value overwriting

BZ#2106987 CVE-2022-31117 python-ujson: Potential double free of buffer during string decoding [epel-all]

BZ#2106992 CVE-2022-31116 python-ujson: improper decoding of escaped surrogate characters may lead to string corruption, key confusion or value overwriting [epel-all]

python-ujson-5.4.0-1.el9

Automated Test Results

ignored