The current release in the quarterly branch, 0.13.1_1, is marked as vulnerable by vuln.xml:
$ sudo pkg audit
json-c-0.13.1_1 is vulnerable:
json-c -- integer overflow and out-of-bounds write via a large JSON file
Can the version containing the fix for this, 0.14, be updated in the quarterly branch?
Approved for MFH with add a Vuxml entry
Seems this has now been merged to the current quarterly repo, so this can probably be closed.