Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#50330 - [jq] Backport fix for CVE-2015-8863 (heap-based buffer overflow)
Attached to Project:
Community Packages
Opened by Remi Gacogne (rgacogne) - Tuesday, 09 August 2016, 16:08 GMT
Last edited by Evgeniy Alexeev (arcan1s) - Wednesday, 10 August 2016, 10:59 GMT
Details
Hi,
There is a long-standing security issue[1] in jq, for which there is a committed fix[2] but no released version. Would you be willing to consider backporting the fix? While unlikely, it looks like this security issue might lead to arbitrary code execution and the fix is trivial, so I think it might be worth it. Thank you!
[1]: http://seclists.org/oss-sec/2016/q2/135
[2]: https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd
Closed by Evgeniy Alexeev (arcan1s)
Wednesday, 10 August 2016, 10:59 GMT
Reason for closing: Fixed
Additional comments about closing: 1.5-4