Package: release.debian.org Severity: normal Tags: trixie X-Debbugs-Cc: [email protected] Control: affects -1 + src:jq User: [email protected] Usertags: pu
[ Reason ] Fix the following security vulnerabilities: * CVE-2026-40612 * CVE-2026-41256 * CVE-2026-41257 * CVE-2026-43894 * CVE-2026-43895 * CVE-2026-43896 * CVE-2026-44777 [ Impact ] Security vulnerabilities [ Tests ] Tested by upstream unit tests. [ Risks ] * jq has zero runtime dependencies, so it is safe to backport. * Cherry-pick upstream patches is infeasible due to the change in upstream. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] (Explain *all* the changes) [ Other info ] (Anything else the release team should know.) -- ChangZhuo Chen (陳昌倬) callsign: BU2HG email: [email protected] fingerprint = BA04 346D C2E1 FE63 C790 8793 CC65 B0CD EC27 5D5B
diff -Nru jq-1.8.1/debian/changelog jq-1.8.1/debian/changelog --- jq-1.8.1/debian/changelog 2026-05-17 01:00:50.000000000 +0800 +++ jq-1.8.1/debian/changelog 2026-05-17 20:58:04.000000000 +0800 @@ -1,3 +1,9 @@ +jq (1.8.1-6~bpo13+1) trixie-backports; urgency=medium + + * Rebuild for trixie-backports. + + -- ChangZhuo Chen (陳昌倬) <[email protected]> Sun, 17 May 2026 20:58:04 +0800 + jq (1.8.1-6) unstable; urgency=high * Cherry-pick upstream fix for the following CVE (Closes: #1136445):
signature.asc
Description: PGP signature
