Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
feec1874 by Salvatore Bonaccorso at 2022-10-02T17:18:13+02:00
Add CVE-2022-4200{3,4}/jackson-databind
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,9 +7,15 @@ CVE-2022-42006
CVE-2022-42005
RESERVED
CVE-2022-42004 (In FasterXML jackson-databind before 2.13.4, resource
exhaustion can o ...)
- TODO: check
+ - jackson-databind <unfixed>
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/3582
+ NOTE:
https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
(jackson-databind-2.13.4)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
CVE-2022-42003 (In FasterXML jackson-databind before 2.14.0-rc1, resource
exhaustion c ...)
- TODO: check
+ - jackson-databind <unfixed>
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/3590
+ NOTE:
https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
(jackson-databind-2.14.0-rc1)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020
CVE-2022-42002 (SonicJS through 0.6.0 allows file overwrite. It has the
following muta ...)
NOT-FOR-US: SonicJS
CVE-2022-41981
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/feec18746b1567424536f73e965005761eed3fe2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/feec18746b1567424536f73e965005761eed3fe2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
