[Bug 247089] devel/json-c: update quarterly to 0.14

Mon Jun 8 18:47:16 UTC 2020

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247089

            Bug ID: 247089
           Summary: devel/json-c: update quarterly to 0.14
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: sunpoet at FreeBSD.org
          Reporter: pioto at pioto.org
             Flags: maintainer-feedback?(sunpoet at FreeBSD.org)
          Assignee: sunpoet at FreeBSD.org

The current release in the quarterly branch, 0.13.1_1, is marked as vulnerable
by vuln.xml:

$ sudo pkg audit
json-c-0.13.1_1 is vulnerable:
json-c -- integer overflow and out-of-bounds write via a large JSON file
CVE: CVE-2020-12762
WWW:
https://vuxml.FreeBSD.org/freebsd/abc3ef37-95d4-11ea-9004-25fadb81abf4.html

Can the version containing the fix for this, 0.14, be updated in the quarterly
branch?

-- 
You are receiving this mail because:
You are the assignee for the bug.