There is 1 open security issue in bookworm.
1 issue left for the package maintainer to handle:
- CVE-2024-53427:
(needs triaging)
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).
You can find information about how to handle this issue in the security team's documentation.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/j/jq.png){kind=link}