Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1f1ffe83 by Markus Koschany at 2019-03-04T11:00:16Z
Reserve DLA-1703-1 for jackson-databind
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[04 Mar 2019] DLA-1703-1 jackson-databind - security update
+ {CVE-2018-11307 CVE-2018-12022 CVE-2018-12023 CVE-2018-14718
CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361
CVE-2018-19362}
+ [jessie] - jackson-databind 2.4.2-2+deb8u5
[02 Mar 2019] DLA-1702-1 advancecomp - security update
{CVE-2018-1056 CVE-2019-9210}
[jessie] - advancecomp 1.19-1+deb8u1
=====================================
data/dla-needed.txt
=====================================
@@ -32,11 +32,6 @@ imagemagick (Roberto C. Sánchez)
NOTE: new upstream version like the security team did with Graphicsmagick in
NOTE: Stretch. (apo)
--
-jackson-databind (Markus Koschany)
- NOTE: 20190210: fix for all the CVEs is to add entries to a blacklist
- NOTE: 20190210: this blacklist (class SubTypeValidator) is not available in
Jessie
- NOTE: 20190210: should that be backported or the CVEs marked as no-dsa?
---
kde4libs (Hugo Lefeuvre)
--
libav
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1f1ffe839302a9b73d49bf69e6340d0fd5713d44
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1f1ffe839302a9b73d49bf69e6340d0fd5713d44
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
