Package "jq"

Name:	jq
Description:	lightweight and flexible command-line JSON processor
Latest version:	1.6-2.1ubuntu3.1
Release:	jammy (22.04)
Level:	security
Repository:	main
Homepage:	https://github.com/stedolan/jq

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "jq"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "jq" in Jammy

Repository	Area	Version
base	main	1.6-2.1ubuntu3
updates	main	1.6-2.1ubuntu3.1

Packages in group

Deleted packages are displayed in grey.

Changelog

Version: 1.6-2.1ubuntu3.1 2025-07-21 15:11:45 UTC

jq (1.6-2.1ubuntu3.1) jammy-security; urgency=medium * SECURITY UPDATE: integer overflow via signed integer limit - debian/patches/CVE-2024-23337.patch: fix signed integer overflow in jvp_array_write and jvp_object_rehash in src/jv.c, src/jv_aux.c, tests/jq.test. - CVE-2024-23337 * SECURITY UPDATE: heap buffer overflow - debian/patches/CVE-2025-48060.patch: fix heap buffer overflow when formatting an empty string in src/jv.c, tests/jq.test. - CVE-2025-48060 -- Marc Deslauriers <email address hidden> Wed, 16 Jul 2025 11:37:01 -0400

CVE-2024-23337	jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483
CVE-2025-48060	jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_

About - Send Feedback to @ubuntu_updates

Package "jq"

Links

Download "jq"

Other versions of "jq" in Jammy

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

proposed

PPA updates