| Path | csiph.com!fu-berlin.de!bofh.it!news.nic.it!robomod |
|---|---|
| From | ChangZhuo Chen (陳昌倬) <czchen@debian.org> |
| Newsgroups | linux.debian.security |
| Subject | Re: Handle jq CVE-2023-49355, which is equal to CVE-2023-50246 |
| Date | Wed, 20 Dec 2023 03:40:02 +0100 |
| Message-ID | <HMUF4-eLn7-3@gated-at.bofh.it> (permalink) |
| References | <HLzW1-dX6i-5@gated-at.bofh.it> <HMUF4-eLn7-5@gated-at.bofh.it> |
| Organization | The Debian Project |
| X-Mailing-List | <debian-security@lists.debian.org> archive/latest/29470 |
| List-ID | <debian-security.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-security/> |
| List-Archive | https://lists.debian.org/msgid-search/ZYJTLGv5WsCf5uoQ@gmail.com |
On Tue, Dec 19, 2023 at 05:13:34PM +0100, Sylvain Beucler wrote:
> On 16/12/2023 11:15, ChangZhuo Chen (陳昌倬) wrote:
> > I am the jq maintainer, and right now CVE-2023-49355 is listed in the security
> > tracker [0]. However, this CVE is equal to CVE-2023-50246 according to
> > upstream [1], which has been fixed in 1.7.1-1 [2].
> >
> > In this case, how should I handle CVE-2023-49355?
> >
> >
> > [0] https://security-tracker.debian.org/tracker/source-package/jq
> > [1] https://github.com/jqlang/jq/issues/2986
> > [2] https://bugs.debian.org/1058763
>
> Ideally you can contact MITRE through https://cveform.mitre.org/ to mark
> CVE-2023-49355 as a duplicate.

Submitted, thanks for the information.

--
ChangZhuo Chen (陳昌倬) czchen@{czchen,debian}.org
Key fingerprint = BA04 346D C2E1 FE63 C790 8793 CC65 B0CD EC27 5D5B