[Git][security-tracker-team/security-tracker][master] CVE-2024-53427/jq: reference introductory commit

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Sat May 24 21:52:34 BST 2025 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a0994ffa by Sylvain Beucler at 2025-05-24T22:52:27+02:00
CVE-2024-53427/jq: reference introductory commit

This commit introduces all the fixed code, and I can't reproduce the (simple) PoC in bullseye.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29336,11 +29336,12 @@ CVE-2024-6810 (The Quiz Organizer plugin for WordPress is vulnerable to Stored C
 CVE-2024-53427 (decNumberCopy in decNumber.c in jq through 1.7.1 does not properly con ...)
 	- jq 1.7.1-5 (bug #1102679)
 	[bookworm] - jq <no-dsa> (Minor issue)
-	[bullseye] - jq <postponed> (Minor issue)
+	[bullseye] - jq <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-x6c3-qv5r-7q22
 	NOTE: https://github.com/jqlang/jq/issues/3196
 	NOTE: https://github.com/jqlang/jq/commit/b86ff49f46a4a37e5a8e75a140cb5fd6e1331384
 	NOTE: https://github.com/jqlang/jq/commit/a09a4dfd55e6c24d04b35062ccfe4509748b1dd3
+	NOTE: Introduced by: https://github.com/jqlang/jq/commit/cf4b48c7ba30cb30e116b523cff036ea481459f6 (jq-1.7rc1)
 CVE-2024-52925 (In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution ca ...)
 	NOT-FOR-US: OPSWAT MetaDefender Kiosk
 CVE-2024-47053 (This advisory addresses an authorization vulnerability in Mautic's HTT ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0994ffa5fb3eda35ffa0ba930181a7da1c0a3f5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0994ffa5fb3eda35ffa0ba930181a7da1c0a3f5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250524/98589476/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list