Package: jq Version: 1.5+dfsg-2 Severity: important Tags: upstream jq silently accepts illegal JSON:
tglase@tglase:~ $ jq <<<'[0,01,2]' [ 0, 1, 2 ] tglase@tglase:~ $ jsn <<<'[0,01,2]' JSON decoding of input failed: { "input": "[0,01,2]\n", "message": "missing comma in Array at offset 0x4" } A Number may not have a leading zero. Secondary reference: http://www.json.org/JSON_checker/test.zip -- System Information: Debian Release: buster/sid APT prefers unreleased APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable') Architecture: x32 (x86_64) Foreign Architectures: i386, amd64 Kernel: Linux 4.12.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8) Shell: /bin/sh linked to /bin/lksh Init: sysvinit (via /sbin/init) Versions of packages jq depends on: ii libc6 2.24-17 ii libjq1 1.5+dfsg-2 ii libonig4 6.6.1-1 jq recommends no packages. jq suggests no packages. -- no debconf information