FS#50330 - [jq] Backport fix for CVE-2015-8863 (heap-based buffer overflow)

Attached to Project: Community Packages
Opened by Remi Gacogne (rgacogne) - Tuesday, 09 August 2016, 16:08 GMT
Last edited by Evgeniy Alexeev (arcan1s) - Wednesday, 10 August 2016, 10:59 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: Evgeniy Alexeev (arcan1s)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Hi,

There is a long-standing security issue[1] in jq, for which there is a committed fix[2] but no released version. Would you be willing to consider backporting the fix? While unlikely, it looks like this security issue might lead to arbitrary code execution and the fix is trivial, so I think it might be worth it.

Thank you!

[1]: http://seclists.org/oss-sec/2016/q2/135
[2]: https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd

Closed by: Evgeniy Alexeev (arcan1s)
Wednesday, 10 August 2016, 10:59 GMT
Reason for closing: Fixed
Additional comments about closing: 1.5-4
