| Message ID | 20231218125026.3844825-1-peter@korsgaard.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | package/jq: security bump to version 1.7.1 | expand |
Peter, All, On 2023-12-18 13:50 +0100, Peter Korsgaard spake thusly: > Fixes the following security issues: > > CVE-2023-50246: Fix heap buffer overflow in jvp_literal_number_literal > https://github.com/jqlang/jq/security/advisories/GHSA-686w-5m7m-54vc > > CVE-2023-50268: fix stack-buffer-overflow if comparing nan with payload > https://github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j > > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Applied to master, thanks. Regards, Yann E. MORIN. > --- > package/jq/jq.hash | 2 +- > package/jq/jq.mk | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/package/jq/jq.hash b/package/jq/jq.hash > index 6c2db98e87..d4d8656ea0 100644 > --- a/package/jq/jq.hash > +++ b/package/jq/jq.hash > @@ -1,3 +1,3 @@ > # Locally calculated > -sha256 402a0d6975d946e6f4e484d1a84320414a0ff8eb6cf49d2c11d144d4d344db62 jq-1.7.tar.gz > +sha256 478c9ca129fd2e3443fe27314b455e211e0d8c60bc8ff7df703873deeee580c2 jq-1.7.1.tar.gz > sha256 10e974638a41fadfd72357f2f3a4325e20b856c563365128f72feaa406f8c92d COPYING > diff --git a/package/jq/jq.mk b/package/jq/jq.mk > index d886459dcc..8c417fad31 100644 > --- a/package/jq/jq.mk > +++ b/package/jq/jq.mk > @@ -4,7 +4,7 @@ > # > ################################################################################ > > -JQ_VERSION = 1.7 > +JQ_VERSION = 1.7.1 > JQ_SITE = https://github.com/jqlang/jq/releases/download/jq-$(JQ_VERSION) > JQ_LICENSE = MIT (code), ICU (decNumber), CC-BY-3.0 (documentation) > JQ_LICENSE_FILES = COPYING > -- > 2.39.2 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: > Fixes the following security issues: > CVE-2023-50246: Fix heap buffer overflow in jvp_literal_number_literal > https://github.com/jqlang/jq/security/advisories/GHSA-686w-5m7m-54vc > CVE-2023-50268: fix stack-buffer-overflow if comparing nan with payload > https://github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Committed to 2023.02.x and 2023.11.x, thanks.
diff --git a/package/jq/jq.hash b/package/jq/jq.hash index 6c2db98e87..d4d8656ea0 100644 --- a/package/jq/jq.hash +++ b/package/jq/jq.hash @@ -1,3 +1,3 @@ # Locally calculated -sha256 402a0d6975d946e6f4e484d1a84320414a0ff8eb6cf49d2c11d144d4d344db62 jq-1.7.tar.gz +sha256 478c9ca129fd2e3443fe27314b455e211e0d8c60bc8ff7df703873deeee580c2 jq-1.7.1.tar.gz sha256 10e974638a41fadfd72357f2f3a4325e20b856c563365128f72feaa406f8c92d COPYING diff --git a/package/jq/jq.mk b/package/jq/jq.mk index d886459dcc..8c417fad31 100644 --- a/package/jq/jq.mk +++ b/package/jq/jq.mk @@ -4,7 +4,7 @@ # ################################################################################ -JQ_VERSION = 1.7 +JQ_VERSION = 1.7.1 JQ_SITE = https://github.com/jqlang/jq/releases/download/jq-$(JQ_VERSION) JQ_LICENSE = MIT (code), ICU (decNumber), CC-BY-3.0 (documentation) JQ_LICENSE_FILES = COPYING
Fixes the following security issues: CVE-2023-50246: Fix heap buffer overflow in jvp_literal_number_literal https://github.com/jqlang/jq/security/advisories/GHSA-686w-5m7m-54vc CVE-2023-50268: fix stack-buffer-overflow if comparing nan with payload https://github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- package/jq/jq.hash | 2 +- package/jq/jq.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)