Version in base suite: 1.7.18-3.1 Base version: cjson_1.7.18-3.1 Target version: cjson_1.7.18-3.1+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/c/cjson/cjson_1.7.18-3.1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/c/cjson/cjson_1.7.18-3.1+deb13u1.dsc changelog | 6 ++++++ patches/CVE-2025-57052.patch- | 17 +++++++++++++++++ patches/series | 1 + 3 files changed, 24 insertions(+) gpgv: Signature made Fri Sep 12 21:46:02 2025 UTC gpgv: using RSA key B6E62F3D12AC38495C0DA90510C293B6C37C4E36 gpgv: Note: signatures using the SHA1 algorithm are rejected gpgv: Can't check signature: Bad public key dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpp9q6l56o/cjson_1.7.18-3.1+deb13u1.dsc: no acceptable signature found diff -Nru cjson-1.7.18/debian/changelog cjson-1.7.18/debian/changelog --- cjson-1.7.18/debian/changelog 2025-06-13 16:02:53.000000000 +0000 +++ cjson-1.7.18/debian/changelog 2025-09-11 22:24:25.000000000 +0000 @@ -1,3 +1,9 @@ +cjson (1.7.18-3.1+deb13u1) trixie-security; urgency=medium + + * CVE-2025-57052 (Closes: #1114757) + + -- Moritz Mühlenhoff Fri, 12 Sep 2025 00:24:25 +0200 + cjson (1.7.18-3.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru cjson-1.7.18/debian/patches/CVE-2025-57052.patch- cjson-1.7.18/debian/patches/CVE-2025-57052.patch- --- cjson-1.7.18/debian/patches/CVE-2025-57052.patch- 1970-01-01 00:00:00.000000000 +0000 +++ cjson-1.7.18/debian/patches/CVE-2025-57052.patch- 2025-09-11 22:24:25.000000000 +0000 
@@ -0,0 +1,17 @@ +From 74e1ff4994aa4139126967f6d289b675b4b36fef Mon Sep 17 00:00:00 2001 +From: Lee +Date: Fri, 5 Sep 2025 14:53:20 +0800 +Subject: [PATCH] fix the incorrect check in decode_array_index_from_pointer + (#957) + +--- cjson-1.7.18.orig/cJSON_Utils.c ++++ cjson-1.7.18/cJSON_Utils.c +@@ -282,7 +282,7 @@ static cJSON_bool decode_array_index_fro + return 0; + } + +- for (position = 0; (pointer[position] >= '0') && (pointer[0] <= '9'); position++) ++ for (position = 0; (pointer[position] >= '0') && (pointer[position] <= '9'); position++) + { + parsed_index = (10 * parsed_index) + (size_t)(pointer[position] - '0'); + diff -Nru cjson-1.7.18/debian/patches/series cjson-1.7.18/debian/patches/series --- cjson-1.7.18/debian/patches/series 2025-06-13 16:02:53.000000000 +0000 +++ cjson-1.7.18/debian/patches/series 2025-09-11 22:24:25.000000000 +0000 @@ -1 +1,2 @@ 0001-allocate-memory-for-the-temporary-buffer.patch +CVE-2025-57052.patch-
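Review bot: the debian/changelog entry "* CVE-2025-57052 (Closes: #1114757)" gives only the identifier. Naming the affected function, decode_array_index_from_pointer in cJSON_Utils.c, and the patch file added would let someone reading the changelog alone see what the security upload changes.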
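Review bot: in the cJSON_Utils.c hunk at line 282, the loop body "parsed_index = (10 * parsed_index) + (size_t)(pointer[position] - '0');" still accumulates with no limit visible in these lines, so a long run of digits in a JSON Pointer segment could wrap size_t. The corrected condition now tests pointer[position] against '9' rather than pointer[0], which stops characters above '9' from being consumed as digits, but the context shown ends inside the loop. Please confirm that the code after the loop rejects an oversized index, or add a bound inside the loop. The patch also carries no regression test. A case where the first character of the segment is a digit and a later character is above '9' would pin the fixed behaviour.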
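Review bot: the line added to debian/patches/series is "CVE-2025-57052.patch-", with a trailing hyphen. It matches the name of the new file under debian/patches, so the patch will be applied, but the suffix looks like an accidental leftover and it differs from the existing entry 0001-allocate-memory-for-the-temporary-buffer.patch. Suggest renaming the file and the series entry to CVE-2025-57052.patch so that tools matching on the .patch extension pick it up.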