[Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-49355/jq

Fri Dec 15 19:56:47 GMT 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28af0e5b by Salvatore Bonaccorso at 2023-12-15T20:56:06+01:00
Update status for CVE-2023-49355/jq

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1204,7 +1204,10 @@ CVE-2023-50463 (The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy
 CVE-2023-49964 (An issue was discovered in Hyland Alfresco Community Edition through 7 ...)
 	NOT-FOR-US: Hyland Alfresco Community Edition
 CVE-2023-49355 (decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out- ...)
-	- jq <undetermined>
+	- jq <unfixed>
+	[bookworm] - jq <not-affected> (Vulnerable code not present)
+	[bullseye] - jq <not-affected> (Vulnerable code not present)
+	[buster] - jq <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/linzc21/bug-reports/blob/main/reports/jq/1.7-37-g88f01a7/heap-buffer-overflow/CVE-2023-49355.md
 CVE-2023-48425 (U-Boot vulnerability resulting in persistent Code Execution)
 	NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in Debian)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28af0e5b473ec41564031f954a534974f84944ba

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28af0e5b473ec41564031f954a534974f84944ba
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231215/61117b72/attachment.htm>
