Back to bug 1328747
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-04-20 08:36:29 UTC | Depends On | 1328748 | |
| Andrej Nemec | 2016-04-20 08:36:36 UTC | Depends On | 1328749 | |
| Andrej Nemec | 2016-04-20 08:36:43 UTC | Depends On | 1328750 | |
| Andrej Nemec | 2016-04-20 08:38:45 UTC | Blocks | 1328751 | |
| Perry Myers | 2016-04-20 11:22:29 UTC | CC | pmyers | |
| Salvatore Bonaccorso | 2016-04-21 20:35:20 UTC | CC | carnil | |
| Martin Prpič | 2016-04-25 08:32:37 UTC | Alias | CVE-2015-8863 | |
| Martin Prpič | 2016-04-25 08:32:46 UTC | Summary | jq: heap-buffer-overflow in tokenadd() function | CVE-2015-8863 jq: heap-buffer-overflow in tokenadd() function |
| Summer Long | 2016-04-28 02:02:56 UTC | Whiteboard | impact=moderate,public=20151018,reported=20160420,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-122,fedora-all/jq=affected,epel-6/jq=affected,epel-7/jq=affected,openstack-6/jq=affected,openstack-7/jq=affected,openstack-8/jq=affected | impact=moderate,public=20151018,reported=20160420,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-122,fedora-all/jq=affected,epel-6/jq=affected,epel-7/jq=affected,openstack-6/jq=affected,openstack-7/jq=affected,openstack-8/jq=affected,openstack-9/jq=affected |
| Summer Long | 2016-04-28 02:03:07 UTC | CC | pmyers | |
| Summer Long | 2016-04-28 02:05:50 UTC | Depends On | 1331202 | |
| Summer Long | 2016-04-28 02:06:03 UTC | Depends On | 1331203 | |
| Summer Long | 2016-04-28 02:06:17 UTC | Depends On | 1331204 | |
| Summer Long | 2016-04-28 02:24:29 UTC | Depends On | 1331209 | |
| Perry Myers | 2016-04-28 05:03:06 UTC | CC | pmyers | |
| Norman Sardella | 2016-05-09 13:06:32 UTC | CC | sardella | |
| Summer Long | 2016-05-12 01:54:49 UTC | CC | slong | |
| | | Doc Text | A heap-based, buffer-overflow vulnerability was found in jq's tokenadd() function. A system attacker could exploit this flaw by crafting a JSON file to crash the application (denial of service) or execute unwanted code. | |
| Summer Long | 2016-05-13 00:12:36 UTC | Whiteboard | impact=moderate,public=20151018,reported=20160420,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-122,fedora-all/jq=affected,epel-6/jq=affected,epel-7/jq=affected,openstack-6/jq=affected,openstack-7/jq=affected,openstack-8/jq=affected,openstack-9/jq=affected | impact=moderate,public=20151018,reported=20160420,source=debian,cvss2=5.9/AV:L/AC:M/Au:N/C:P/I:P/A:C,cwe=CWE-122,fedora-all/jq=affected,epel-6/jq=affected,epel-7/jq=affected,openstack-6/jq=affected,openstack-7/jq=affected,openstack-8/jq=affected,openstack-9/jq=affected |
| Martin Prpič | 2016-05-13 06:23:31 UTC | Doc Text | A heap-based, buffer-overflow vulnerability was found in jq's tokenadd() function. A system attacker could exploit this flaw by crafting a JSON file to crash the application (denial of service) or execute unwanted code. | A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system. |
| Summer Long | 2016-05-13 06:24:22 UTC | Whiteboard | impact=moderate,public=20151018,reported=20160420,source=debian,cvss2=5.9/AV:L/AC:M/Au:N/C:P/I:P/A:C,cwe=CWE-122,fedora-all/jq=affected,epel-6/jq=affected,epel-7/jq=affected,openstack-6/jq=affected,openstack-7/jq=affected,openstack-8/jq=affected,openstack-9/jq=affected | impact=moderate,public=20151018,reported=20160420,source=debian,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-122,fedora-all/jq=affected,epel-6/jq=affected,epel-7/jq=affected,openstack-6/jq=affected,openstack-7/jq=affected,openstack-8/jq=affected,openstack-9/jq=affected |
| Summer Long | 2016-07-11 01:13:06 UTC | Whiteboard | impact=moderate,public=20151018,reported=20160420,source=debian,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-122,fedora-all/jq=affected,epel-6/jq=affected,epel-7/jq=affected,openstack-6/jq=affected,openstack-7/jq=affected,openstack-8/jq=affected,openstack-9/jq=affected | impact=moderate,public=20151018,reported=20160420,source=debian,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-122,fedora-all/jq=affected,epel-6/jq=affected,epel-7/jq=affected,openstack-6/jq=affected,openstack-7/jq=affected,openstack-8/jq=affected,openstack-9/jq=notaffected |
| Summer Long | 2016-07-11 01:15:07 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2016-07-10 21:15:07 UTC | |
| Andrej Nemec | 2017-01-26 12:04:34 UTC | Depends On | 1416711 | |
| Product Security DevOps Team | 2019-09-29 13:47:33 UTC | Whiteboard | impact=moderate,public=20151018,reported=20160420,source=debian,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-122,fedora-all/jq=affected,epel-6/jq=affected,epel-7/jq=affected,openstack-6/jq=affected,openstack-7/jq=affected,openstack-8/jq=affected,openstack-9/jq=notaffected | |
| Doran Moppert | 2021-04-15 04:07:17 UTC | CC | jhrozek, spoore | |
| | | Fixed In Version | jq 1.6 | |