[Git][security-tracker-team/security-tracker][master] Add four new jackson-databind issues

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
027c1de7 by Salvatore Bonaccorso at 2019-01-10T20:55:26Z
Add four new jackson-databind issues

All four CVE-2018-14718, CVE-2018-14719, CVE-2018-14720 and
CVE-2018-14721 already adressed in unstable upload with the 2.9.8-1
upload.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27606,13 +27606,21 @@ CVE-2018-14722 (An issue was discovered in 
evaluate_auto_mountpoint in ...)
        - btrfsmaintenance 0.4.1-2 (bug #906131)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1102721
 CVE-2018-14721 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote 
...)
-       TODO: check
+       - jackson-databind 2.9.8-1
+       NOTE: 
https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
+       NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
 CVE-2018-14720 (FasterXML jackson-databind 2.x before 2.9.7 might allow 
attackers to ...)
-       TODO: check
+       - jackson-databind 2.9.8-1
+       NOTE: 
https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
+       NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
 CVE-2018-14719 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote 
...)
-       TODO: check
+       - jackson-databind 2.9.8-1
+       NOTE: 
https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
+       NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
 CVE-2018-14718 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote 
...)
-       TODO: check
+       - jackson-databind 2.9.8-1
+       NOTE: 
https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
+       NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
 CVE-2018-14717
        RESERVED
 CVE-2018-14716 (A Server Side Template Injection (SSTI) was discovered in the 
SEOmatic ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/027c1de7d5c82e9cc80525207045e0d8656f661b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/027c1de7d5c82e9cc80525207045e0d8656f661b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits