From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Peter Korsgaard <peter@korsgaard.com>
Cc: Angelo Compagnucci <angelo.compagnucci@gmail.com>,
buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] package/jq: security bump to version 1.7.1
Date: Mon, 18 Dec 2023 17:48:13 +0100 [thread overview]
Message-ID: <ZYB3zb5QbQsEh97e@landeda> (raw)
In-Reply-To: <20231218125026.3844825-1-peter@korsgaard.com>
Peter, All,
On 2023-12-18 13:50 +0100, Peter Korsgaard spake thusly:
> Fixes the following security issues:
>
> CVE-2023-50246: Fix heap buffer overflow in jvp_literal_number_literal
> https://github.com/jqlang/jq/security/advisories/GHSA-686w-5m7m-54vc
>
> CVE-2023-50268: fix stack-buffer-overflow if comparing nan with payload
> https://github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> package/jq/jq.hash | 2 +-
> package/jq/jq.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/jq/jq.hash b/package/jq/jq.hash
> index 6c2db98e87..d4d8656ea0 100644
> --- a/package/jq/jq.hash
> +++ b/package/jq/jq.hash
> @@ -1,3 +1,3 @@
> # Locally calculated
> -sha256 402a0d6975d946e6f4e484d1a84320414a0ff8eb6cf49d2c11d144d4d344db62 jq-1.7.tar.gz
> +sha256 478c9ca129fd2e3443fe27314b455e211e0d8c60bc8ff7df703873deeee580c2 jq-1.7.1.tar.gz
> sha256 10e974638a41fadfd72357f2f3a4325e20b856c563365128f72feaa406f8c92d COPYING
> diff --git a/package/jq/jq.mk b/package/jq/jq.mk
> index d886459dcc..8c417fad31 100644
> --- a/package/jq/jq.mk
> +++ b/package/jq/jq.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -JQ_VERSION = 1.7
> +JQ_VERSION = 1.7.1
> JQ_SITE = https://github.com/jqlang/jq/releases/download/jq-$(JQ_VERSION)
> JQ_LICENSE = MIT (code), ICU (decNumber), CC-BY-3.0 (documentation)
> JQ_LICENSE_FILES = COPYING
> --
> 2.39.2
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2023-12-18 16:48 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-18 12:50 [Buildroot] [PATCH] package/jq: security bump to version 1.7.1 Peter Korsgaard
2023-12-18 16:48 ` Yann E. MORIN [this message]
2024-01-07 11:13 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZYB3zb5QbQsEh97e@landeda \
--to=yann.morin.1998@free.fr \
--cc=angelo.compagnucci@gmail.com \
--cc=buildroot@buildroot.org \
--cc=peter@korsgaard.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox