lua-cjson (2.1.0+dfsg-2.1ubuntu0.22.04.1~esm2) jammy-security; urgency=medium

  * SECURITY UPDATE: integer overflow in cjson library
    - debian/patches/CVE-2022-24834.patch: fix integer overflows due to
      wrong integer size by changing int to size_t for buffer sizes and
      lengths in strbuf.h, strbuf.c, and lua_cjson.c. Add overflow
      assertions in json_append_string() and strbuf buffer growth.
      Remove dead code (strbuf_append_fmt, strbuf_append_fmt_retry,
      strbuf_set_increment). Add smoke tests for encode/decode paths
      affected by the overflow fixes.
    - CVE-2022-24834 

 -- Vyom Yadav <vyom.yadav@canonical.com>  Fri, 10 Apr 2026 13:57:04 +0530

lua-cjson (2.1.0+dfsg-2.1) unstable; urgency=medium

  * Non-maintainer upload.
  * debian/control: Drop explicit Pre-Depends on multiarch-support
    (Closes: #870548).

 -- Aurelien Jarno <aurel32@debian.org>  Sat, 20 Jan 2018 21:15:36 +0100

lua-cjson (2.1.0+dfsg-2) unstable; urgency=low

  * Add debian/watch file.

 -- Dmitry E. Oboukhov <unera@debian.org>  Mon, 24 Sep 2012 11:50:30 +0400

lua-cjson (2.1.0+dfsg-1) unstable; urgency=low

  * Initial release. (Closes: #685591)

 -- Dmitry E. Oboukhov <unera@debian.org>  Fri, 24 Aug 2012 14:35:49 +0400

