[Git][security-tracker-team/security-tracker][master] CVE-2024-53427/jq: reference introductory commit

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a0994ffa by Sylvain Beucler at 2025-05-24T22:52:27+02:00
CVE-2024-53427/jq: reference introductory commit

This commit introduces all the fixed code, and I can't reproduce the (simple) 
PoC in bullseye.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29336,11 +29336,12 @@ CVE-2024-6810 (The Quiz Organizer plugin for 
WordPress is vulnerable to Stored C
 CVE-2024-53427 (decNumberCopy in decNumber.c in jq through 1.7.1 does not 
properly con ...)
        - jq 1.7.1-5 (bug #1102679)
        [bookworm] - jq <no-dsa> (Minor issue)
-       [bullseye] - jq <postponed> (Minor issue)
+       [bullseye] - jq <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-x6c3-qv5r-7q22
        NOTE: https://github.com/jqlang/jq/issues/3196
        NOTE: 
https://github.com/jqlang/jq/commit/b86ff49f46a4a37e5a8e75a140cb5fd6e1331384
        NOTE: 
https://github.com/jqlang/jq/commit/a09a4dfd55e6c24d04b35062ccfe4509748b1dd3
+       NOTE: Introduced by: 
https://github.com/jqlang/jq/commit/cf4b48c7ba30cb30e116b523cff036ea481459f6 
(jq-1.7rc1)
 CVE-2024-52925 (In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code 
execution ca ...)
        NOT-FOR-US: OPSWAT MetaDefender Kiosk
 CVE-2024-47053 (This advisory addresses an authorization vulnerability in 
Mautic's HTT ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0994ffa5fb3eda35ffa0ba930181a7da1c0a3f5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0994ffa5fb3eda35ffa0ba930181a7da1c0a3f5
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits