Version in base suite: 2.1.0-3 Base version: yajl_2.1.0-3 Target version: yajl_2.1.0-3+deb11u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/y/yajl/yajl_2.1.0-3.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/y/yajl/yajl_2.1.0-3+deb11u1.dsc changelog | 7 +++++++ patches/CVE-2023-33460.patch | 21 +++++++++++++++++++++ patches/series | 1 + 3 files changed, 29 insertions(+) diff -Nru yajl-2.1.0/debian/changelog yajl-2.1.0/debian/changelog --- yajl-2.1.0/debian/changelog 2018-10-02 22:51:58.000000000 +0000 +++ yajl-2.1.0/debian/changelog 2023-07-02 11:31:39.000000000 +0000 @@ -1,3 +1,10 @@ +yajl (2.1.0-3+deb11u1) bullseye; urgency=medium + + * Non-maintainer upload. + * Import upstream patch for CVE-2023-33460. (Closes: #1039984) + + -- Tobias Frost Sun, 02 Jul 2023 13:31:39 +0200 + yajl (2.1.0-3) unstable; urgency=medium [ Jelmer Vernooij ] diff -Nru yajl-2.1.0/debian/patches/CVE-2023-33460.patch yajl-2.1.0/debian/patches/CVE-2023-33460.patch --- yajl-2.1.0/debian/patches/CVE-2023-33460.patch 1970-01-01 00:00:00.000000000 +0000 +++ yajl-2.1.0/debian/patches/CVE-2023-33460.patch 2023-07-02 11:30:08.000000000 +0000 @@ -0,0 +1,21 @@ +From 23a122eddaa28165a6c219000adcc31ff9a8a698 Mon Sep 17 00:00:00 2001 +From: "zhang.jiujiu" <282627424@qq.com> +Date: Tue, 7 Dec 2021 22:37:02 +0800 +Subject: [PATCH] fix memory leaks + +--- + src/yajl_tree.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/src/yajl_tree.c ++++ b/src/yajl_tree.c +@@ -445,6 +445,9 @@ + YA_FREE(&(handle->alloc), internal_err_str); + } + yajl_free (handle); ++ //If the requested memory is not released in time, it will cause memory leakage ++ if(ctx.root) ++ yajl_tree_free(ctx.root); + return NULL; + } + diff -Nru yajl-2.1.0/debian/patches/series yajl-2.1.0/debian/patches/series --- yajl-2.1.0/debian/patches/series 2015-09-25 12:44:02.000000000 +0000 +++ yajl-2.1.0/debian/patches/series 2023-07-02 11:30:08.000000000 +0000 
@@ -1,2 +1,3 @@ dynamically-link-tools.patch multiarch.patch +CVE-2023-33460.patch
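Review bot: In the src/yajl_tree.c hunk (@@ -445,6 +445,9 @@), the new cleanup on the error path releases only ctx.root, guarded by `if(ctx.root)`. Nothing in the visible lines shows that ctx.root is the sole owner of everything allocated before the parse failed. If the context holds partially built values somewhere other than root at the moment of failure, they still leak on this `return NULL` path. Please check the rest of the function and either confirm that root is the only owner or extend the cleanup to cover the remaining allocations. On style, the added `//` comment and the unbraced `if(ctx.root)` do not match the surrounding `yajl_free (handle);` formatting; a `/* ... */` comment and braces around the `yajl_tree_free(ctx.root);` call would fit better.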
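Review bot: The header of debian/patches/CVE-2023-33460.patch is missing provenance documentation. It carries only the upstream From/Date/Subject lines, and the subject "fix memory leaks" names neither the CVE nor the affected code path. Adding DEP-3 fields such as Origin (pointing at upstream commit 23a122eddaa28165a6c219000adcc31ff9a8a698) and Bug-Debian (for #1039984, already cited in the changelog entry) would let someone reading the patch file alone trace it back to the advisory and the bug report.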