summary refs log tree commit diff
path: root/gnu/packages/web.scm
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/web.scm')
-rw-r--r--gnu/packages/web.scm6
1 files changed, 5 insertions, 1 deletions
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index fa791ffbe1..9106295061 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -3293,7 +3293,11 @@ It uses the uwsgi protocol for all the networking/interprocess communications.")
                                   "/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4"))))
+                "0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4"))
+              ;; This patch has been pushed and the vulnerability will be
+              ;; fixed in the next release after 1.5.
+              ;; https://github.com/stedolan/jq/issues/995
+              (patches (search-patches "jq-CVE-2015-8863.patch"))))
     (inputs
      `(("oniguruma" ,oniguruma)))
     (native-inputs