Andreas Henriksson pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
78cd7001 by Andreas Henriksson at 2026-07-01T19:40:50+02:00
Reserve DLA-4662-1 for jq

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -35792,7 +35792,6 @@ CVE-2026-44777 (jq is a command-line JSON processor. In 
1.8.2rc1 and earlier, th
        {DLA-4599-1}
        - jq 1.8.1-6 (bug #1136445)
        [trixie] - jq <no-dsa> (Minor issue)
-       [bookworm] - jq <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-rmpv-jgvr-wpr9
 CVE-2026-44738 (Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the 
Twig sandb ...)
        NOT-FOR-US: Grav CMS
@@ -35834,7 +35833,6 @@ CVE-2026-43896 (jq is a command-line JSON processor. In 
1.8.1 and earlier, unbou
        {DLA-4599-1}
        - jq 1.8.1-6 (bug #1136445)
        [trixie] - jq <no-dsa> (Minor issue)
-       [bookworm] - jq <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-mg96-6h3q-g846
 CVE-2026-43895 (jq is a command-line JSON processor. In 1.8.1 and earlier, jq 
accepts  ...)
        {DLA-4599-1}
@@ -35918,13 +35916,11 @@ CVE-2026-41257 (jq is a command-line JSON processor. 
In 1.8.1 and earlier, the j
        {DLA-4599-1}
        - jq 1.8.1-6 (bug #1136445)
        [trixie] - jq <no-dsa> (Minor issue)
-       [bookworm] - jq <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-4jm8-m363-4539
 CVE-2026-41256 (jq is a command-line JSON processor. In 1.8.1 and earlier, 
Top-level j ...)
        {DLA-4599-1}
        - jq 1.8.1-6 (bug #1136445)
        [trixie] - jq <no-dsa> (Minor issue)
-       [bookworm] - jq <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-vf2h-chrj-q3fg
 CVE-2026-41250 (Taiga is a project management platform for startups and agile 
develope ...)
        NOT-FOR-US: Taiga
@@ -52679,7 +52675,6 @@ CVE-2026-40164 (jq is a command-line JSON processor. 
Before commit 0c7d133c3c7e3
        {DLA-4599-1}
        - jq 1.8.1-5 (bug #1133921)
        [trixie] - jq 1.7.1-6+deb13u2
-       [bookworm] - jq <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-wwj8-gxm6-jc29
        NOTE: Fixed by: 
https://github.com/jqlang/jq/commit/0c7d133c3c7e37c00b6d46b658a02244fdd3c784
 CVE-2026-3017 (The Smart Post Show \u2013 Post Grid, Post Carousel & Slider, 
and List ...)
@@ -52688,14 +52683,12 @@ CVE-2026-39979 (jq is a command-line JSON processor. 
In commits before 2f09060af
        {DLA-4599-1}
        - jq 1.8.1-5 (bug #1133921)
        [trixie] - jq 1.7.1-6+deb13u2
-       [bookworm] - jq <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-2hhh-px8h-355p
        NOTE: Fixed by: 
https://github.com/jqlang/jq/commit/2f09060afab23fe9390cce7cb860b10416e1bf5f
 CVE-2026-39956 (jq is a command-line JSON processor. In commits after 
69785bf77f86e2ea ...)
        {DLA-4599-1}
        - jq 1.8.1-5 (bug #1133921)
        [trixie] - jq 1.7.1-6+deb13u2
-       [bookworm] - jq <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-6gc3-3g9p-xx28
        NOTE: Fixed by: 
https://github.com/jqlang/jq/commit/fdf8ef0f0810e3d365cdd5160de43db46f57ed03
 CVE-2026-39426 (MaxKB is an open-source AI assistant for enterprise. Versions 
2.7.1 an ...)
@@ -52744,14 +52737,12 @@ CVE-2026-33948 (jq is a command-line JSON processor. 
Commits before 6374ae0bcdfe
        {DLA-4599-1}
        - jq 1.8.1-5 (bug #1133921)
        [trixie] - jq 1.7.1-6+deb13u2
-       [bookworm] - jq <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-32cx-cvvh-2wj9
        NOTE: Fixed by: 
https://github.com/jqlang/jq/commit/6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b
 CVE-2026-33947 (jq is a command-line JSON processor. In versions 1.8.1 and 
below, func ...)
        {DLA-4599-1}
        - jq 1.8.1-5 (bug #1133921)
        [trixie] - jq 1.7.1-6+deb13u2
-       [bookworm] - jq <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-xwrw-4f8h-rjvg
        NOTE: Fixed by: 
https://github.com/jqlang/jq/commit/fb59f1491058d58bdc3e8dd28f1773d1ac690a1f
 CVE-2026-33908 (ImageMagick is free and open-source software used for editing 
and mani ...)
@@ -53018,7 +53009,6 @@ CVE-2026-32316 (jq is a command-line JSON processor. An 
integer overflow vulnera
        {DLA-4599-1}
        - jq 1.8.1-5 (bug #1133921)
        [trixie] - jq 1.7.1-6+deb13u2
-       [bookworm] - jq <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-q3h9-m34w-h76f
        NOTE: Fixed by: 
https://github.com/jqlang/jq/commit/e47e56d226519635768e6aab2f38f0ab037c09e5
 CVE-2026-31283 (In Totara LMS v19.1.5 and before, the forgot password API does 
not imp ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 Jul 2026] DLA-4662-1 jq - security update
+       {CVE-2026-32316 CVE-2026-33947 CVE-2026-33948 CVE-2026-39956 
CVE-2026-39979 CVE-2026-40164 CVE-2026-41256 CVE-2026-41257 CVE-2026-43894 
CVE-2026-43895 CVE-2026-43896 CVE-2026-44777 CVE-2026-47770 CVE-2026-49839 
CVE-2026-54679}
+       [bookworm] - jq 1.6-2.1+deb12u2
 [01 Jul 2026] DLA-4661-1 jq - security update
        {CVE-2026-43894 CVE-2026-47770 CVE-2026-49839 CVE-2026-54679}
        [bullseye] - jq 1.6-2.1+deb11u3


=====================================
data/dla-needed.txt
=====================================
@@ -268,11 +268,6 @@ jpeg-xl/bookworm
   NOTE: 20260619: Added by Front-Desk (charles)
   NOTE: 20260619: Follow DSA-6342-1 (charles)
 --
-jq/bookworm (ah)
-  NOTE: 20260611: Added by Front-Desk (rouca)
-  NOTE: 20260701: remaining bullseye CVEs addressed in DLA-4661-1 (ah)
-  NOTE: 20260701: will do a separate DLA for bookworm for the combination of 
last 2 DLAs for bullseye (ah)
---
 kamailio/bullseye
   NOTE: 20260413: Added by Front-Desk (rouca)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78cd7001c8a41802f90ec7c9d7e27f84e5053b1e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78cd7001c8a41802f90ec7c9d7e27f84e5053b1e
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to