On Thu, Aug 11, 2016 at 05:11:02PM +0200, Jelle Licht wrote: > Hello, > > Attached patch backports the commit[0] for jq that fixed the vulnerability > referred to as CVE-2015-8863[1]. Some feedback would be welcome. > > - Jelle > > * gnu/packages/patches/jq-CVE-2015-8863.patch: New file. > * gnu/local.mk (dist_patch_DATA): Add it. > * gnu/packages/web.scm (jq): Add it.
Thank you for paying attention to this! I added a comment to the patch file with links to the MITRE page and to the source of the patch. I think this having this information about the patch is helpful. Pushed as f2b4c18cd96a69e375d7d9b5ad1c09f8fc065571.
