On 16/12/2023 11:15, ChangZhuo Chen (陳昌倬) wrote:
I am the jq maintainer, and right now CVE-2023-49355 is listed in the security tracker [0]. However, this CVE is equal to CVE-2023-50246 according to upstream [1], which has been fixed in 1.7.1-1 [2].
In this case, how should I handle CVE-2023-49355?
[0] https://security-tracker.debian.org/tracker/source-package/jq
[1] https://github.com/jqlang/jq/issues/2986
[2] https://bugs.debian.org/1058763
Ideally you can contact MITRE through https://cveform.mitre.org/ to mark CVE-2023-49355 as a duplicate.