Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 027c1de7 by Salvatore Bonaccorso at 2019-01-10T20:55:26Z Add four new jackson-databind issues All four CVE-2018-14718, CVE-2018-14719, CVE-2018-14720 and CVE-2018-14721 already adressed in unstable upload with the 2.9.8-1 upload. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -27606,13 +27606,21 @@ CVE-2018-14722 (An issue was discovered in evaluate_auto_mountpoint in ...) - btrfsmaintenance 0.4.1-2 (bug #906131) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1102721 CVE-2018-14721 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote ...) - TODO: check + - jackson-databind 2.9.8-1 + NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2097 CVE-2018-14720 (FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to ...) - TODO: check + - jackson-databind 2.9.8-1 + NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2097 CVE-2018-14719 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote ...) - TODO: check + - jackson-databind 2.9.8-1 + NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2097 CVE-2018-14718 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote ...) - TODO: check + - jackson-databind 2.9.8-1 + NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2097 CVE-2018-14717 RESERVED CVE-2018-14716 (A Server Side Template Injection (SSTI) was discovered in the SEOmatic ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/027c1de7d5c82e9cc80525207045e0d8656f661b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/027c1de7d5c82e9cc80525207045e0d8656f661b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits