Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
73e927c7 by Salvatore Bonaccorso at 2025-06-19T23:17:37+02:00
Add CVE-2025-49014/jq
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38,7 +38,12 @@ CVE-2025-50200 (RabbitMQ is a messaging and streaming
broker. In versions 3.13.7
CVE-2025-4738 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Yirmibes Software MY ERP
CVE-2025-49014 (jq is a command-line JSON processor. In version 1.8.0 a heap
use after ...)
- TODO: check
+ - jq <unfixed>
+ [bookworm] - jq <not-affected> (Vulnerable code introduced later)
+ [bullseye] - jq <not-affected> (Vulnerable code introduced later)
+ NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-rmjp-cr27-wpg2
+ NOTE: Introduced with:
https://github.com/jqlang/jq/commit/4003202ccf241cedb01cbe5f81523bcc40d588ad
(jq-1.8.0)
+ NOTE: Fixed by:
https://github.com/jqlang/jq/commit/499c91bca9d4d027833bc62787d1bb075c03680e
CVE-2025-48886 (Hydra is a layer-two scalability solution for Cardano. Prior
to versio ...)
NOT-FOR-US: Hydra
CVE-2025-36050 (IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores
potentially ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73e927c7b5706082248445284725bb457897f025
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73e927c7b5706082248445284725bb457897f025
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
