Hi, I am jq maintainer, and right now CVE-2023-49355 is listed in security tracker [0]. However, this CVE is equal to CVE-2023-50246 according to upstream [1], which has been fixed in 1.7.1-1 [2]. In this case, how should I handle CVE-2023-49355? [0] https://security-tracker.debian.org/tracker/source-package/jq [1] https://github.com/jqlang/jq/issues/2986 [2] https://bugs.debian.org/1058763 -- ChangZhuo Chen (陳昌倬) czchen@{czchen,debian}.org Key fingerprint = BA04 346D C2E1 FE63 C790 8793 CC65 B0CD EC27 5D5B
Attachment:
signature.asc
Description: PGP signature