CVE-2023-49355 status ?
z00z00z00 opened this issue · comments
CVE-2023-49355
linzc21 published [1] an one-byte oob write affecting JQ 1.7-37-g88f01a7 (88f01a7).
JQ status
The researcher did not provide any information about potential report to you. I create this bug report to have some status. Do you confirm this issue ? Is so, any available patch ?
Thanks in advance.
z00
We call it CVE-2023-50246
I told that user their report was a duplicate, but they already published it anyway even before reporting it to us. :(
We have had a patch ready for a while.
I am organising to get 1.7.1 released soon (maybe today?); we're currently waiting to get a CVE number for another vulnerability.
OK, got it. Thanks Emanuele