[Git][security-tracker-team/security-tracker][master] Add more jq issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 11 20:26:51 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eaf08aaa by Salvatore Bonaccorso at 2026-05-11T21:26:41+02:00
Add more jq issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -83,7 +83,8 @@ CVE-2026-44992 (OpenClaw versions 2026.4.5 before 2026.4.20 contain an environme
 CVE-2026-44991 (OpenClaw before 2026.4.21 contains an authorization bypass vulnerabili ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-44777 (jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordi ...)
-	TODO: check
+	- jq <unfixed>
+	NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-rmpv-jgvr-wpr9
 CVE-2026-44738 (Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandb ...)
 	NOT-FOR-US: Grav CMS
 CVE-2026-44737 (grav-plugin-admin is the admin plugin for Grav is an HTML user interfa ...)
@@ -190,9 +191,11 @@ CVE-2026-41951 (Path traversal vulnerability exists in GROWI v7.5.0 and earlier,
 CVE-2026-41431 (Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a  ...)
 	TODO: check
 CVE-2026-41257 (jq is a command-line JSON processor. In 1.8.1 and earlier, the jq byte ...)
-	TODO: check
+	- jq <unfixed>
+	NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-4jm8-m363-4539
 CVE-2026-41256 (jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level j ...)
-	TODO: check
+	- jq <unfixed>
+	NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-vf2h-chrj-q3fg
 CVE-2026-41250 (Taiga is a project management platform for startups and agile develope ...)
 	TODO: check
 CVE-2026-41018 (The Elasticsearch logging provider, when configured with a `host` URL  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eaf08aaa7bfd343dacfb798e5a179d50e005bfbe

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eaf08aaa7bfd343dacfb798e5a179d50e005bfbe
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260511/d88ae572/attachment.htm>

More information about the debian-security-tracker-commits mailing list