xqilla also embeds yajl, is vulnerable to CVE-2017-16516 and CVE-2022-24795.

2 files changed, 3 insertions, 0 deletions

diff --git a/data/CVE/list b/data/CVE/list
index cb59212df1..fcc28338c8 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -104258,6 +104258,7 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation
 	- lnav <unfixed> (bug #1040160)
 	- r-cran-jsonlite <unfixed> (bug #1040161)
 	- whitedb 0.7.3+git211004+dfsg-1
+	- xqilla <unfixed> (bug #1040164)
 	NOTE: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm
 	NOTE: https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6
 	NOTE: https://github.com/brianmario/yajl-ruby/commit/e8de283a6d64f0902740fd09e858fc3d7d803161
@@ -381992,6 +381993,7 @@ CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is
 	- lnav <unfixed> (bug #1040160)
 	- r-cran-jsonlite <unfixed> (bug #1040161)
 	- whitedb 0.7.3+git211004+dfsg-1
+	- xqilla <unfixed> (bug #1040164)
 	NOTE: https://github.com/brianmario/yajl-ruby/issues/176
 	NOTE: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce
 	NOTE: yail: https://github.com/lloyd/yajl/issues/248
diff --git a/data/embedded-code-copies b/data/embedded-code-copies
index a7bf098663..68601c9dd8 100644
--- a/data/embedded-code-copies
+++ b/data/embedded-code-copies
@@ -1271,6 +1271,7 @@ yajl
 	- r-cran-jsonlite <unfixed> (embed; bug #1039082)
 	- ruby-yajl <unfixed> (embed; bug #881142)
 	- whitedb 0.7.3+git211004+dfsg-1 (embed; bug #1039088)
+	- xqilla <unfixed> (embed; bug #1040163)
 
 nusoap
 	- gforge 4.8.2-1 (embed)