Divya Chellam
6306bae883
jq: fix CVE-2025-9403
...
A vulnerability was determined in jqlang jq up to 1.6. Impacted is the
function run_jq_tests of the file jq_test.c of the component JSON Parser.
Executing manipulation can lead to reachable assertion. The attack
requires local access. The exploit has been publicly disclosed and may be
utilized. Other versions might be affected as well.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-9403
Upstream-patch:
https://github.com/jqlang/jq/commit/a4d9d540103ff9a262e304329c277ec89b27e5f9
Signed-off-by: Divya Chellam <divya.chellam@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-10-27 11:17:59 +01:00
Colin McAllister
9daee866d1
jq: Fix CVEs
...
Adds backported patches to fix CVE-2024-23339, CVE-2024-53427, and
CVE-2025-48060.
Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com >
Change-Id: Ibc2db956b7fd5d0388dbed1a81ddf9aa58431fb1
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-13 14:36:35 -04:00
Joerg Vehlow
2c051c65a4
jq: Fix typo OE_EXTRACONF -> EXTRA_OECONF
...
Signed-off-by: Joerg Vehlow <joerg.vehlow@aox.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 1aa9d7d53d )
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-05-30 13:02:52 -07:00
William A. Kennington III
0d8dee9172
jq: upgrade 1.6 -> 2021-10-24 git
...
JQ has gone through more than 3 years of code changes and has had
significant performance improvements since the last release. The team is
still figuring out a new release process. Use the latest git commit to
pull in these changes.
Signed-off-by: William A. Kennington III <wak@google.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2022-01-19 09:28:51 -08:00