Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5eefa4e6 by Salvatore Bonaccorso at 2020-04-08T22:01:49+02:00
Mark several jackson-databind issues as no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -32,11 +32,15 @@ CVE-2020-11621
RESERVED
CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2682
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2680
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -1363,16 +1367,22 @@ CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1,
if installed in setuid m
NOTE:
https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240
CVE-2020-11113 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2670
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11112 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2666
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2664
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -1676,11 +1686,15 @@ CVE-2020-10970
RESERVED
CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2642
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10968 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2662
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -2608,12 +2622,16 @@ CVE-2020-10675 (The Library API in buger jsonparser
through 2019-12-04 allows at
CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
{DLA-2153-1}
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2660
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
{DLA-2153-1}
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2659
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -5096,18 +5114,24 @@ CVE-2020-9549 (In PDFResurrect 0.12 through 0.19,
get_type in pdf.c has an out-o
CVE-2020-9548 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
{DLA-2135-1}
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2634
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-9547 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
{DLA-2135-1}
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2634
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-9546 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
{DLA-2135-1}
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2631
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -6779,6 +6803,8 @@ CVE-2020-8841 (An issue was discovered in TestLink
1.9.19. The relation_type par
CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain
xbean- ...)
{DLA-2111-1}
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2620
NOTE:
https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
@@ -15275,6 +15301,8 @@ CVE-2020-5201
CVE-2019-20330 (FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain
net.sf.eh ...)
{DLA-2111-1}
- jackson-databind 2.10.1-1
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2526
NOTE:
https://github.com/FasterXML/jackson-databind/commit/fc4214a883dc087070f25da738ef0d49c2f3387e
CVE-2019-20329 (OpenLambda 2019-09-10 allows DNS rebinding attacks against the
OL serv ...)
@@ -33309,6 +33337,8 @@ CVE-2019-17532 (An issue was discovered on Belkin Wemo
Switch 28B WW_2.00.11057.
CVE-2019-17531 (A Polymorphic Typing issue was discovered in FasterXML
jackson-databin ...)
{DLA-2030-1}
- jackson-databind 2.10.1-1
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2498
NOTE:
https://github.com/FasterXML/jackson-databind/commit/b5a304a98590b6bb766134f9261e6566dcbbb6d0
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
@@ -33989,6 +34019,8 @@ CVE-2019-17268 (The omniauth-weibo-oauth2 gem 0.4.6 for
Ruby, as distributed on
CVE-2019-17267 (A Polymorphic Typing issue was discovered in FasterXML
jackson-databin ...)
{DLA-2030-1}
- jackson-databind 2.10.0-1
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2460
NOTE:
https://github.com/FasterXML/jackson-databind/commit/191a4cdf87b56d2ddddb77edd895ee756b7f75eb
CVE-2019-17266 (libsoup from versions 2.65.1 until 2.68.1 have a heap-based
buffer ove ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5eefa4e6f997cbe01cce39de1e90991b487239c7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5eefa4e6f997cbe01cce39de1e90991b487239c7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
