Google Git
Sign in
android-kvm / buildroot / a9fd428c61818af415eae87e4d0d6ef908a08f25
commita9fd428c61818af415eae87e4d0d6ef908a08f25[log] [tgz]
authorYuce Kurum <yuce.kurum@mind.be>Wed Jun 18 14:32:26 2025 +0200
committerThomas Perale <thomas.perale@mind.be>Wed Jun 18 14:40:32 2025 +0200
treefeabf42c531975d4e3c4aa40c98ec15bbdfe20e4
parent06c5664b1833248c76181f0f1489d309c0ce2465 [diff]
package/jq: security patch for CVE-2025-48060

Security patch have been fetched from the Nixpkgs [1].

Fixes the following CVE:
- CVE-2025-48060: jq is a command-line JSON processor. In versions up to
 and including 1.7.1, a heap-buffer-overflow is present in function
  in the jq_fuzz_execute harness from oss-fuzz. This
 crash happens on file jv.c, line 1456 . As of
 time of publication, no patched versions are available.

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-48060

[1] https://github.com/LordGrimmauld/nixpkgs/blob/df21c79bfbb4d5ea50a49231bb8f91ab7afa051d/pkgs/by-name/jq/jq/0005-Fix-heap-buffer-overflow-when-formatting-an-empty-st.patch

Signed-off-by: Yuce Kurum <yuce.kurum@mind.be>
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
2 files changed
tree: feabf42c531975d4e3c4aa40c98ec15bbdfe20e4
  1. .github/
  2. .gitlab/
  3. arch/
  4. board/
  5. boot/
  6. configs/
  7. docs/
  8. fs/
  9. linux/
  10. package/
  11. support/
  12. system/
  13. toolchain/
  14. utils/
  15. .b4-config
  16. .checkpackageignore
  17. .clang-format
  18. .defconfig
  19. .editorconfig
  20. .flake8
  21. .gitignore
  22. .gitlab-ci.yml
  23. .shellcheckrc
  24. CHANGES
  25. Config.in
  26. Config.in.legacy
  27. COPYING
  28. DEVELOPERS
  29. Makefile
  30. Makefile.legacy
  31. README