| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| dynamically-link-tools.patch | Upstream statically links json_verify and json_reformat to libyajl. This lets us link the tools to the shared lib. (Closes #544721) |
no | ||||
| multiarch.patch | Support installation of multiarch binaries. Define MULTIARCH_TUPLE at config time. |
no | ||||
| CVE-2017-16516.patch | Fix for CVE-2017-16516 Potential buffer overread: A JSON file can cause denial of service. | yes | debian upstream | https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce | ||
| CVE-2022-24795.patch | Fix for CVE-2022-24795 An integer overflow will lead to heap memory corruption with large (~2GB) inputs. | yes | debian upstream | https://github.com/ppisar/yajl/commit/23cea2d7677e396efed78bbf1bf153961fab6bad | ||
| CVE-2023-33460.patch | Fix for CVE-2023-33460a Memory leak in yajl 2.1.0 with use of yajl_tree_parse function See https://github.com/lloyd/yajl/issues/250#issuecomment-1628695214 |
yes | debian upstream | https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698 |