Re: Handle jq CVE-2023-49355, which is equal to CVE-2023-50246

From ChangZhuo Chen (陳昌倬) <czchen@debian.org>
Newsgroups linux.debian.security
Subject Re: Handle jq CVE-2023-49355, which is equal to CVE-2023-50246
Date 2023-12-20 03:40 +0100
Message-ID <HMUF4-eLn7-3@gated-at.bofh.it>
References <HLzW1-dX6i-5@gated-at.bofh.it> <HMUF4-eLn7-5@gated-at.bofh.it>
Organization The Debian Project

On Tue, Dec 19, 2023 at 05:13:34PM +0100, Sylvain Beucler wrote:
> On 16/12/2023 11:15, ChangZhuo Chen (陳昌倬) wrote:
> > I am the jq maintainer, and right now CVE-2023-49355 is listed in the security
> > tracker [0]. However, this CVE is equal to CVE-2023-50246 according to
> > upstream [1], which has been fixed in 1.7.1-1 [2].
> > 
> > In this case, how should I handle CVE-2023-49355?
> > 
> > 
> > [0] https://security-tracker.debian.org/tracker/source-package/jq
> > [1] https://github.com/jqlang/jq/issues/2986
> > [2] https://bugs.debian.org/1058763
> 
> Ideally you can contact MITRE through https://cveform.mitre.org/ to mark
> CVE-2023-49355 as a duplicate.

Submitted, thanks for the information.


-- 
ChangZhuo Chen (陳昌倬) czchen@{czchen,debian}.org
Key fingerprint = BA04 346D C2E1 FE63 C790  8793 CC65 B0CD EC27 5D5B
