[Buildroot] [PATCH] package/jq: security bump to version 1.7.1

* [Buildroot] [PATCH] package/jq: security bump to version 1.7.1
@ 2023-12-18 12:50 Peter Korsgaard
  2023-12-18 16:48 ` Yann E. MORIN
  2024-01-07 11:13 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-12-18 12:50 UTC (permalink / raw)
  To: buildroot; +Cc: Angelo Compagnucci

Fixes the following security issues:

CVE-2023-50246: Fix heap buffer overflow in jvp_literal_number_literal
https://github.com/jqlang/jq/security/advisories/GHSA-686w-5m7m-54vc

CVE-2023-50268: fix stack-buffer-overflow if comparing nan with payload
https://github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/jq/jq.hash | 2 +-
 package/jq/jq.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/jq/jq.hash b/package/jq/jq.hash
index 6c2db98e87..d4d8656ea0 100644
--- a/package/jq/jq.hash
+++ b/package/jq/jq.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  402a0d6975d946e6f4e484d1a84320414a0ff8eb6cf49d2c11d144d4d344db62  jq-1.7.tar.gz
+sha256  478c9ca129fd2e3443fe27314b455e211e0d8c60bc8ff7df703873deeee580c2  jq-1.7.1.tar.gz
 sha256  10e974638a41fadfd72357f2f3a4325e20b856c563365128f72feaa406f8c92d  COPYING
diff --git a/package/jq/jq.mk b/package/jq/jq.mk
index d886459dcc..8c417fad31 100644
--- a/package/jq/jq.mk
+++ b/package/jq/jq.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-JQ_VERSION = 1.7
+JQ_VERSION = 1.7.1
 JQ_SITE = https://github.com/jqlang/jq/releases/download/jq-$(JQ_VERSION)
 JQ_LICENSE = MIT (code), ICU (decNumber), CC-BY-3.0 (documentation)
 JQ_LICENSE_FILES = COPYING
-- 
2.39.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread