python/python-ujson
SHA256
14
0
Fork 0
forked from pool/python-ujson
Code Pull Requests Activity

- update to 5.4.0 (CVE-2022-31116, bsc#1201255, CVE-2022-31117, bsc#1201254):

Browse Source 
* Replace wchar_t string decoding implementation with a uint32_t-based one
  * Fix handling of surrogates on decoding
  * CVE-2022-31117: Potential double free of buffer during string decoding
  * Fix memory leak on encoding errors when the buffer was resized
  * Integer parsing: always detect overflows
  * Fix handling of surrogates on encoding

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-ujson?expand=0&rev=32
This commit is contained in:
Dirk Mueller
2022-07-08 11:58:48 +00:00
committed by Git OBS Bridge
parent ecc0d8fce2
commit a801bb98df
4 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
python-ujson.changes
View File

@@ -1,3 +1,14 @@
-------------------------------------------------------------------
Fri Jul 8 11:55:32 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 5.4.0 (CVE-2022-31116, bsc#1201255, CVE-2022-31117, bsc#1201254):
* Replace wchar_t string decoding implementation with a uint32_t-based one
* Fix handling of surrogates on decoding
* CVE-2022-31117: Potential double free of buffer during string decoding
* Fix memory leak on encoding errors when the buffer was resized
* Integer parsing: always detect overflows
* Fix handling of surrogates on encoding
-------------------------------------------------------------------
Tue May 24 16:34:36 UTC 2022 - Gayane Osipyan <Gayane.Osipyan@suse.com>