| Release | Version |
|---|---|
| bullseye | 1.5.3-1~deb11u1 |
| bookworm | 1.5.3-1 |
| trixie | 1.5.4-1 |
| forky | 1.5.4-1 |
| sid | 1.5.4-1 |

| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2023-5072 | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | Denial of Service in JSON-Java versions up to and including 20230618. ... |
| CVE-2023-1436 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | An infinite recursion is triggered in Jettison when constructing a JSO ... |

| Bug | Description |
|---|---|
| CVE-2022-45693 | Jettison before v1.5.2 was discovered to contain a stack overflow via ... |
| CVE-2022-45685 | A stack overflow in Jettison before v1.5.2 allows attackers to cause a ... |
| CVE-2022-40150 | Those using Jettison to parse untrusted XML or JSON data may be vulner ... |
| CVE-2022-40149 | Those using Jettison to parse untrusted XML or JSON data may be vulner ... |

| DSA / DLA | Description |
|---|---|
| DSA-5312-1 | libjettison-java - security update |
| DLA-3259-1 | libjettison-java - security update |
| DLA-3184-1 | libjettison-java - security update |