Commit Graph

4 Commits

Author SHA1 Message Date
Divya Chellam 6306bae883 jq: fix CVE-2025-9403
A vulnerability was determined in jqlang jq up to 1.6. Impacted is the
function run_jq_tests of the file jq_test.c of the component JSON Parser.
Executing manipulation can lead to reachable assertion. The attack
requires local access. The exploit has been publicly disclosed and may be
utilized. Other versions might be affected as well.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-9403

Upstream-patch:
https://github.com/jqlang/jq/commit/a4d9d540103ff9a262e304329c277ec89b27e5f9

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-27 11:17:59 +01:00
Colin McAllister 9daee866d1 jq: Fix CVEs
Adds backported patches to fix CVE-2024-23339, CVE-2024-53427, and
CVE-2025-48060.

Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
Change-Id: Ibc2db956b7fd5d0388dbed1a81ddf9aa58431fb1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-13 14:36:35 -04:00
Joerg Vehlow 2c051c65a4 jq: Fix typo OE_EXTRACONF -> EXTRA_OECONF
Signed-off-by: Joerg Vehlow <joerg.vehlow@aox.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1aa9d7d53d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-05-30 13:02:52 -07:00
William A. Kennington III 0d8dee9172 jq: upgrade 1.6 -> 2021-10-24 git
JQ has gone through more than 3 years of code changes and has had
significant performance improvements since the last release. The team is
still figuring out a new release process. Use the latest git commit to
pull in these changes.

Signed-off-by: William A. Kennington III <wak@google.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-19 09:28:51 -08:00