On 02/10 09:43, Salvatore Bonaccorso wrote:
> Whilst I'm not yet sure if we should really release a futher DSA for
> jackson-databind (we will come back to you on that), a possible idea
> for bullseye (might be better cloned/filled as new bug, but want to
> mention it here already):
Let's do a
Processing control commands:
> clone 941530 -1
Bug #941530 [src:jackson-databind] jackson-databind: CVE-2019-16942
CVE-2019-16943
Bug 941530 cloned as bug 941662
> retitle -1 jackson-databind: consider using a whitelist
Bug #941662 [src:jackson-databind] jackson-databind: CVE-2019-16942
Control: clone 941530 -1
Control: retitle -1 jackson-databind: consider using a whitelist
Control: severity -1 wishlist
Hi,
Am 02.10.19 um 09:43 schrieb Salvatore Bonaccorso:
[...]
> Whilst I'm not yet sure if we should really release a futher DSA for
> jackson-databind (we will come back to you
Hi Markus,
On Tue, Oct 01, 2019 at 10:46:16PM +0200, Markus Koschany wrote:
> Hi Salvatore,
>
> Am 01.10.19 um 22:34 schrieb Salvatore Bonaccorso:
> > Source: jackson-databind
> > Version: 2.10.0-1
> > Severity: grave
> > Tags: security upstream
> > Justification: user security hole
> >
Hi Salvatore,
Am 01.10.19 um 22:34 schrieb Salvatore Bonaccorso:
> Source: jackson-databind
> Version: 2.10.0-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> Forwarded: https://github.com/FasterXML/jackson-databind/issues/2478
> Control: found -1 2.9.8-3
>
Source: jackson-databind
Version: 2.10.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/FasterXML/jackson-databind/issues/2478
Control: found -1 2.9.8-3
Control: found -1 2.8.6-1+deb9u5
Control: found -1 2.8.6-1
Hi,
Tony, Markus, As it
6 matches
Mail list logo