[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Handle jq CVE-2023-49355, which is equal to CVE-2023-50246



On Tue, Dec 19, 2023 at 05:13:34PM +0100, Sylvain Beucler wrote:
> On 16/12/2023 11:15, ChangZhuo Chen (陳昌倬) wrote:
> > I am jq maintainer, and right now CVE-2023-49355 is listed in security
> > tracker [0]. However, this CVE is equal to CVE-2023-50246 according to
> > upstream [1], which has been fixed in 1.7.1-1 [2].
> > 
> > In this case, how should I handle CVE-2023-49355?
> > 
> > 
> > [0] https://security-tracker.debian.org/tracker/source-package/jq
> > [1] https://github.com/jqlang/jq/issues/2986
> > [2] https://bugs.debian.org/1058763
> 
> Ideally you can contact MITRE through https://cveform.mitre.org/ to mark
> CVE-2023-49355 as a duplicate.

Submitted, thanks for the information.


-- 
ChangZhuo Chen (陳昌倬) czchen@{czchen,debian}.org
Key fingerprint = BA04 346D C2E1 FE63 C790  8793 CC65 B0CD EC27 5D5B

Attachment: signature.asc
Description: PGP signature


Reply to: