Debian Jansson vulnerabilities

CVE-2020-36325 [HIGH] CVE-2020-36325: jansson - An issue was discovered in Jansson through 2.13.1. Due to a parsing error in jso... An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2016-4425 [MEDIUM] CVE-2016-4425: jansson - Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of ... Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data. Scope: local bookworm: resolved (fixed in 2.7-5) bullseye: resolved (fixed in 2.7-5) forky: resolved (fixed in 2.7-5) sid: resolved (fixed in 2.7-5) trixie: resolved (fixed in 2.7-5)

CVE-2013-6401 [MEDIUM] CVE-2013-6401: jansson - Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash... Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document. Scope: local bookworm: resolved (fixed in 2.6-1) bullseye: resolved (fixed in 2.6-1) forky: resolved (fixed in 2.6-1) sid: resolved (fixed in 2.6-