-rw-r--r-- meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch 3
-rw-r--r-- meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch 3
-rw-r--r-- meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch 3
3 files changed, 9 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch
index 93f55eecd0..8b8243b752 100644
--- a/meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch
+++ b/meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch
@@ -8,6 +8,9 @@ This commit fixes signed integer overflow and SEGV issues on growing
8arrays and objects. The size of arrays and objects is now limited to 8arrays and objects. The size of arrays and objects is now limited to
9`536870912` (`0x20000000`). This fixes CVE-2024-23337 and fixes #3262. 9`536870912` (`0x20000000`). This fixes CVE-2024-23337 and fixes #3262.
10 10
11Upstream-Status: Backport [https://github.com/jqlang/jq.git/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e]
12CVE: CVE-2024-23337
13
11(cherry picked from commit de21386681c0df0104a99d9d09db23a9b2a78b1e) 14(cherry picked from commit de21386681c0df0104a99d9d09db23a9b2a78b1e)
12Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> 15Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
13--- 16---
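Review bot: the added Upstream-Status line (new line 11) uses https://github.com/jqlang/jq.git/commit/..., which joins the clone URL with the web commit path. The usual commit link drops the ".git", i.e. https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e. Please check that the link as written resolves, or switch to that form so anyone auditing the backport can follow the reference directly.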
diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch
index 3e27a13036..64a44a1307 100644
--- a/meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch
+++ b/meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch
@@ -7,6 +7,9 @@ This commit drops support for parsing NaN with payload in JSON like
7`NaN123` and fixes CVE-2024-53427. Other JSON extensions like `NaN` and 7`NaN123` and fixes CVE-2024-53427. Other JSON extensions like `NaN` and
8`Infinity` are still supported. Fixes #3023, fixes #3196, fixes #3246. 8`Infinity` are still supported. Fixes #3023, fixes #3196, fixes #3246.
9 9
10Upstream-Status: Backport [https://github.com/jqlang/jq.git/commit/a09a4dfd55e6c24d04b35062ccfe4509748b1dd3]
11CVE: CVE-2024-53427
12
10(cherry picked from commit a09a4dfd55e6c24d04b35062ccfe4509748b1dd3) 13(cherry picked from commit a09a4dfd55e6c24d04b35062ccfe4509748b1dd3)
11Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> 14Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
12--- 15---
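Review bot: the Upstream-Status and CVE tags (new lines 10-11) are inserted above the "(cherry picked from commit ...)" line, so they sit between the upstream message body and its cherry-pick note, apart from the Signed-off-by trailer. Consider moving them to directly above Signed-off-by, after the cherry-pick line, so the upstream message stays contiguous and the backport metadata reads as one block.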
diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch
index 237a50413f..c3dfd8ce21 100644
--- a/meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch
+++ b/meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch
@@ -9,6 +9,9 @@ GHSA-p7rr-28xf-3m5w (`0[""*0]`) was fixed by the commit dc849e9bb74a,
9but another case (`0[[]|implode]`) was still vulnerable. This commit 9but another case (`0[[]|implode]`) was still vulnerable. This commit
10ensures string data is properly null-terminated, and fixes CVE-2025-48060. 10ensures string data is properly null-terminated, and fixes CVE-2025-48060.
11 11
12Upstream-Status: Backport [https://github.com/jqlang/jq.git/commit/c6e041699d8cd31b97375a2596217aff2cfca85b]
13CVE: CVE-2025-48060
14
12(cherry picked from commit c6e041699d8cd31b97375a2596217aff2cfca85b) 15(cherry picked from commit c6e041699d8cd31b97375a2596217aff2cfca85b)
13Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> 16Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
14--- 17---
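Review bot: the context at the top of this hunk says GHSA-p7rr-28xf-3m5w was fixed by the earlier commit dc849e9bb74a and that this patch only closes the remaining `0[[]|implode]` case, while the added tag (new line 13) records CVE-2025-48060 alone. Nothing in this change shows whether dc849e9bb74a is already in the packaged jq source or carried as its own patch. Please confirm that in the commit message, since the CVE tag will be read as marking the issue fully handled.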