Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
206d1fa9 by Salvatore Bonaccorso at 2020-02-11T22:56:15+01:00
Add CVE-2020-8840/jackson-databind

Note with 2.10 these issues are mitigated, the fixes are pending as well
for the 2.10 version. Mark this then later on with fixed version
entering unstable with the fix.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -87,7 +87,11 @@ CVE-2020-8842
 CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type 
paramete ...)
        TODO: check
 CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain 
xbean- ...)
-       TODO: check
+       - jackson-databind <unfixed>
+       NOTE: https://github.com/FasterXML/jackson-databind/issues/2620
+       NOTE: 
https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497
+       NOTE: Starting from 2.10 series mitigated as Safe Default Typing is 
enabled by
+       NOTE: but still an issue when Default Typing is enabled.
 CVE-2020-8839
        RESERVED
 CVE-2015-9542
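
Review bot: The added NOTE about the 2.10 series breaks off at "enabled by" and the following NOTE continues with "but still an issue", so a word is missing between the two lines; it presumably should read "enabled by default". Fixing that keeps the mitigation statement unambiguous: 2.10 is mitigated only while Default Typing is left off. The commit message also says fixes are pending for the 2.10 version, which none of the notes record; a short NOTE to that effect would help whoever later replaces <unfixed> with the fixed version entering unstable.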



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/206d1fa972208c613cdb04496656eb5dc0ff3851
