Fedora 31: FEDORA-2020-97e8a67945 Critical: JSON Parser Infinite Loop

Alternative JSON parser for Go.

It does not require you to know the structure of the payload (eg. create

structs), and allows accessing fields by providing the path to them. It is up to

10 times faster than standard encoding/json package (depending on payload size

and usage), allocates no memory.

Multiple bug fixes, including a fix for CVE-2020-10675 .

* Mon Apr 6 2020 Dominik Mierzejewski <dominik@greysector.net> - 0-0.8.20200406gitf7e751e

- Bump to commit f7e751efca132eb5c767c4b0b20f68524ba89742 (fixes CVE-2020-10675)

[ 1 ] Bug #1817733 - CVE-2020-10675 golang-github-buger-jsonparser: infinite loop via a Delete call

https://bugzilla.redhat.com/show_bug.cgi?id=1817733

su -c 'dnf upgrade --advisory FEDORA-2020-97e8a67945' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/