ELA-1520-1 jq security update

heap buffer overflow

2025-09-21
Package: jq
Version: 1.5+dfsg-1.3+deb9u1 (stretch), 1.5+dfsg-2+deb10u1 (buster)
Related CVEs: CVE-2025-48060


An issue has been found in jq, a lightweight and flexible command-line JSON processor. A heap buffer overflow may happen when formatting empty strings.



For Debian 10 buster, this problem has been fixed in version 1.5+dfsg-2+deb10u1.

For Debian 9 stretch, this problem has been fixed in version 1.5+dfsg-1.3+deb9u1.

We recommend that you upgrade your jq packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.