Bug#1108863: marked as done (unblock: jq/1.7.1-6+deb13u1)

Tue, 08 Jul 2025 09:35:33 -0700 

Your message dated Tue, 8 Jul 2025 18:33:08 +0200
with message-id <[email protected]>
and subject line Re: Bug#1108863: [discussion] unblock: jq/1.8.0-1
has caused the Debian Bug report #1108863,
regarding unblock: jq/1.7.1-6+deb13u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1108863: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108863
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected], [email protected], ChangZhuo 
Chen (陳昌倬) <[email protected]>, [email protected]
Control: affects -1 + src:jq
User: [email protected]
Usertags: unblock

Hi ChangZhuo Chen, hi release team

This is not actaully a proper unblock request. There is in unstable a
new jq version which fixes CVE-2025-48060 (the other mentioned CVEs
were already fixed earlier afaics). 

But there is now a problem. 

1. the new upstream version fails to build on i386.

2. the new upstream version 1.8.0 itself introduces a new security
issue, CVE-2025-49014.

ChangZhuo Chen, what is your take here? I see possibly two ways:

Convince release team that a version based on 1.8.0 + including the
security fix for CVE-2025-49014 and the FTBFS for i386 is fine, or
actually revert back to 1.7.1-6, and apply the fix for CVE-2025-48060
on top.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
On 2025-07-08 15:00:28 +0800, ChangZhuo Chen (陳昌倬) wrote:
> Control: tags -1 - moreinfo
> 
> On Tue, Jul 08, 2025 at 07:53:52AM +0200, Sebastian Ramacher wrote:
> > Please go ahead with this upload. Please remove the moreinfo tag after
> > the upload.
> 
> I have uploaded the package.

Thanks, unblocked.

Cheers
-- 
Sebastian Ramacher

--- End Message ---

Reply via email to