Advisories ยป MGASA-2022-0270

Updated python-ujson packages fix security vulnerability

Publication date: 29 Jul 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-31116 , CVE-2022-31117

Description

Add support for arbitrary size integers.
Replace 'wchar_t' string decoding implementation with a 'uint32_t'-based
one; fix handling of surrogates on decoding (CVE-2022-31116)
Potential double free of buffer during string decoding - Fix memory leak
on encoding errors when the buffer was resized - Integer parsing: always
detect overflows - Fix handling of surrogates on encoding (CVE-2022-31117)
                

References

SRPMS

8/core