From bdd47c99da028befbadee7c290cb2eed02fcd835 Mon Sep 17 00:00:00 2001 From: Peng Zhang Date: Fri, 3 Nov 2023 13:13:13 +0000 Subject: [PATCH] Debian: yajl: fix multiple CVEs Upgrade yajl-tools package version from 2.1.0-3 to 2.1.0-3+deb11u2, libyajl-dev package from 2.1.0-3 to 2.1.0-3+deb11u2, libyajl2 package from 2.1.0-3 to 2.1.0-3+deb11u2 to fix CVE-2017-16516/CVE-2022-24795/CVE-2023-33460. Refer to: https://nvd.nist.gov/vuln/detail/CVE-2017-16516 https://nvd.nist.gov/vuln/detail/CVE-2022-24795 https://nvd.nist.gov/vuln/detail/CVE-2023-33460 Test Plan: Pass: downloader Pass: build-pkgs --clean --all Pass: build-image Pass: boot Closes-bug: #2038882 Change-Id: I2095b68896d2db1eb881d8a0357d291491b6dbc1 Signed-off-by: Peng Zhang
---
 debian-mirror-tools/config/debian/common/base-bullseye.lst | 4 ++--
 debian-mirror-tools/config/debian/distro/os-std.lst | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/debian-mirror-tools/config/debian/common/base-bullseye.lst b/debian-mirror-tools/config/debian/common/base-bullseye.lst
index f7d4196e..de5b1b3a 100644
--- a/debian-mirror-tools/config/debian/common/base-bullseye.lst
+++ b/debian-mirror-tools/config/debian/common/base-bullseye.lst
@@ -755,8 +755,8 @@ libxslt1-dev 1.1.34-4+deb11u1 https://snapshot.debian.org/archive/debian/2022082
 libxt6 1:1.2.0-1
 libxtables12 1.8.7-1
 libxxhash0 0.8.0-2
-libyajl-dev 2.1.0-3
-libyajl2 2.1.0-3
+libyajl-dev 2.1.0-3+deb11u2 https://snapshot.debian.org/archive/debian/20230725T030258Z/pool/main/y/yajl/libyajl-dev_2.1.0-3%2Bdeb11u2_amd64.deb
+libyajl2 2.1.0-3+deb11u2 https://snapshot.debian.org/archive/debian/20230725T030258Z/pool/main/y/yajl/libyajl2_2.1.0-3%2Bdeb11u2_amd64.deb
 libyaml-0-2 0.2.2-1
 libyaml-cpp0.6 0.6.3-9
 libz3-4 4.8.10-1
diff --git a/debian-mirror-tools/config/debian/distro/os-std.lst b/debian-mirror-tools/config/debian/distro/os-std.lst
index 1d4c1bf0..7fa45348 100644
--- a/debian-mirror-tools/config/debian/distro/os-std.lst
+++ b/debian-mirror-tools/config/debian/distro/os-std.lst
@@ -6,4 +6,4 @@ kexec-tools 1:2.0.20-2.1
 crash 7.2.9-2
 liblzo2-2 2.10-2
 pigz 2.6-1
-yajl-tools 2.1.0-3
+yajl-tools 2.1.0-3+deb11u2 https://snapshot.debian.org/archive/debian/20230725T030258Z/pool/main/y/yajl/yajl-tools_2.1.0-3%2Bdeb11u2_amd64.deb