jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.7.1-2", "binary_name": "jq" }, { "binary_version": "1.7.1-2", "binary_name": "jq-dbgsym" }, { "binary_version": "1.7.1-2", "binary_name": "libjq-dev" }, { "binary_version": "1.7.1-2", "binary_name": "libjq1" }, { "binary_version": "1.7.1-2", "binary_name": "libjq1-dbgsym" } ] }