[SECURITY] [DLA 4307-1] jq security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4307-1] jq security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 21 Sep 2025 21:46:36 +0000 (UTC)
Message-id: <[🔎] 3fc8fe78-7c97-b38f-646e-378dc9e66d91@alteholz.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4307-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 21, 2025                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : jq
Version        : 1.6-2.1+deb11u1
CVE ID         : CVE-2025-48060

An issue has been found in jq, a lightweight and flexible command-lineJSON processor. A heap buffer overflow may happen when formatting emptystrings.



For Debian 11 bullseye, this problem has been fixed in version
1.6-2.1+deb11u1.

We recommend that you upgrade your jq packages.

For the detailed security status of jq please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jq

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmjQcjxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcikg/+NVDX8LZQ3Woy9dTeg2a6IYXvpNO7XS+aBSsGN/4I8SKNthpxoI6RssjQ
l6837H7ua7hJmnk9GUUSKu0hyo5wUSVJnygcEZ/cb2Hjcti7hfLTzMAIB6lqZoBt
oZeSbbJi8X5FgGIgw5a+Iim2BDW8OFl0+mBQlvBQqtabamJDbi2yvfbzD8an8deU
pcERTFD/GX99KMSXeU/i1TgdOg5UOyDxfl/+QLOqP3i9f51FxxnBHktIcNhgyk+s
k8mOY0812D7OKnGckdaR8BfkmNZ9ytl8ypPQewyy+tXxaDy6O9yj0MWniVNG3iT2
S1sqAK8E4Sv27gH24lLAmjce7szbKnIonn9gAyH0i44qcYudxVjaJuAzXcbUEvKL
yVQcbph105Uar4xoPVH/r754OrKNlgn4YH2/VYXnTfnn6pT48hXBLmwhQ8Cd2q2L
gWzpMwvjDYAq+yJo+5O0lLjTYNnCJci7vWWlgwMFTStAzto78x27cU4kO0UVJkHU
tCCiCL4328zzfx4JE380iU0q/06Te6+91GuQLrWKB7kw5wRTByFnq5EG82lybUfn
s/QYBwWqCwtP1OZPNCniEkJAF9Apc2RI60pBFYjLx6jXmp7Vc81lgroI60tuD+c0
8W9nRRmkcrHJ9MfijE/o9Bt2EJZpth42Fe7pjS3dEuF0V4CUCPA=
=oUWL
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4306-1] pam security update
Next by Date: [SECURITY] [DLA 4308-1] corosync security update
Previous by thread: [SECURITY] [DLA 4306-1] pam security update
Next by thread: [SECURITY] [DLA 4308-1] corosync security update
Index(es):
- Date
- Thread