On Tue, Dec 19, 2023 at 05:13:34PM +0100, Sylvain Beucler wrote: > On 16/12/2023 11:15, ChangZhuo Chen (陳昌倬) wrote: > > I am jq maintainer, and right now CVE-2023-49355 is listed in security > > tracker [0]. However, this CVE is equal to CVE-2023-50246 according to > > upstream [1], which has been fixed in 1.7.1-1 [2]. > > > > In this case, how should I handle CVE-2023-49355? > > > > > > [0] https://security-tracker.debian.org/tracker/source-package/jq > > [1] https://github.com/jqlang/jq/issues/2986 > > [2] https://bugs.debian.org/1058763 > > Ideally you can contact MITRE through https://cveform.mitre.org/ to mark > CVE-2023-49355 as a duplicate.
Submitted, thanks for the information. -- ChangZhuo Chen (陳昌倬) czchen@{czchen,debian}.org Key fingerprint = BA04 346D C2E1 FE63 C790 8793 CC65 B0CD EC27 5D5B
signature.asc
Description: PGP signature