[Git][security-tracker-team/security-tracker][master] Track fixed version for jq issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun May 17 12:27:07 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ef8c497a by Salvatore Bonaccorso at 2026-05-17T13:26:40+02:00
Track fixed version for jq issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4042,7 +4042,7 @@ CVE-2026-44992 (OpenClaw versions 2026.4.5 before 2026.4.20 contain an environme
CVE-2026-44991 (OpenClaw before 2026.4.21 contains an authorization bypass vulnerabili ...)
NOT-FOR-US: OpenClaw
CVE-2026-44777 (jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordi ...)
- - jq <unfixed> (bug #1136445)
+ - jq 1.8.1-6 (bug #1136445)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-rmpv-jgvr-wpr9
CVE-2026-44738 (Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandb ...)
NOT-FOR-US: Grav CMS
@@ -4081,13 +4081,13 @@ CVE-2026-43968 (Improper Neutralization of CRLF Sequences ('CRLF Injection') vul
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-43968
NOTE: https://github.com/ninenines/cowlib/commit/6165fc40efa159ba1cceee7e7981e790acba5d9c
CVE-2026-43896 (jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded r ...)
- - jq <unfixed> (bug #1136445)
+ - jq 1.8.1-6 (bug #1136445)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-mg96-6h3q-g846
CVE-2026-43895 (jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts ...)
- - jq <unfixed> (bug #1136445)
+ - jq 1.8.1-6 (bug #1136445)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-7q7g-mrq3-phxr
CVE-2026-43894 (jq is a command-line JSON processor. In 1.8.1 and earlier, when decNum ...)
- - jq <unfixed> (bug #1136445)
+ - jq 1.8.1-6 (bug #1136445)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-5v7p-2r57-2g4g
CVE-2026-43826 (The OpenSearch logging provider, when configured with a `host` URL tha ...)
NOT-FOR-US: OpenSearch logging provider for Airflow
@@ -4158,10 +4158,10 @@ CVE-2026-41951 (Path traversal vulnerability exists in GROWI v7.5.0 and earlier,
CVE-2026-41431 (Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a ...)
NOT-FOR-US: Zen
CVE-2026-41257 (jq is a command-line JSON processor. In 1.8.1 and earlier, the jq byte ...)
- - jq <unfixed> (bug #1136445)
+ - jq 1.8.1-6 (bug #1136445)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-4jm8-m363-4539
CVE-2026-41256 (jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level j ...)
- - jq <unfixed> (bug #1136445)
+ - jq 1.8.1-6 (bug #1136445)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-vf2h-chrj-q3fg
CVE-2026-41250 (Taiga is a project management platform for startups and agile develope ...)
NOT-FOR-US: Taiga
@@ -4170,7 +4170,7 @@ CVE-2026-41018 (The Elasticsearch logging provider, when configured with a `host
CVE-2026-40636 (Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale version ...)
NOT-FOR-US: Dell / EMC
CVE-2026-40612 (jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains ...)
- - jq <unfixed> (bug #1136445)
+ - jq 1.8.1-6 (bug #1136445)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-r7m6-x9c7-h69j
CVE-2026-3609 (Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vu ...)
NOT-FOR-US: Wellbia XIGNCODE3 xhunter1.sys kernel driver
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef8c497a7a739dd3a63cc3a677414064c6dbb1dc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef8c497a7a739dd3a63cc3a677414064c6dbb1dc
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260517/2e0c22a3/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list