[Git][security-tracker-team/security-tracker][master] Reserve DLA-3207-1 for jackson-databind

Sun, 27 Nov 2022 10:50:31 -0800 


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ce7864de by Markus Koschany at 2022-11-27T19:50:08+01:00
Reserve DLA-3207-1 for jackson-databind

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -55199,7 +55199,6 @@ CVE-2021-46708 (The swagger-ui-dist package before 
4.1.3 for Node.js could allow
 CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow 
exception a ...)
        {DSA-5283-1 DLA-2990-1}
        - jackson-databind 2.13.2.2-1 (bug #1007109)
-       [buster] - jackson-databind <no-dsa> (Minor issue)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2816
 CVE-2018-25031 (Swagger UI before 4.1.3 could allow a remote attacker to 
conduct spoof ...)
        - node-swagger-ui <itp> (bug #871461)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Nov 2022] DLA-3207-1 jackson-databind - security update
+       {CVE-2020-36518 CVE-2022-42003 CVE-2022-42004}
+       [buster] - jackson-databind 2.9.8-3+deb10u4
 [26 Nov 2022] DLA-3206-1 heimdal - security update
        {CVE-2019-14870 CVE-2021-3671 CVE-2021-44758 CVE-2022-3437 
CVE-2022-41916 CVE-2022-42898 CVE-2022-44640}
        [buster] - heimdal 7.5.0+dfsg-3+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -93,9 +93,6 @@ ini4j
   NOTE: 20221012: Programming language: Java.
   NOTE: 20221012: Require investigation (lamby)
 --
-jackson-databind (Markus Koschany)
-  NOTE: 20221030: Programming language: Java.
---
 jhead
   NOTE: 20221031: Programming language: C.
   NOTE: 20221031: Note that multiple options are vulnerable. The attacker have 
to trick someone to execute the command but arbitrary code exectuion is not 
good..



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce7864debc3bf998f83a9cf99927a672c729d72a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce7864debc3bf998f83a9cf99927a672c729d72a
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to