[Secure-testing-commits] r54322 - data/CVE

Salvatore Bonaccorso Sat, 05 Aug 2017 12:25:04 -0700

Author: carnil
Date: 2017-08-05 19:24:07 +0000 (Sat, 05 Aug 2017)
New Revision: 54322


Modified:
   data/CVE/list
Log:
Add information for CVE-2017-7525/jackson-databind

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-05 18:48:37 UTC (rev 54321)
+++ data/CVE/list       2017-08-05 19:24:07 UTC (rev 54322)
@@ -13706,9 +13706,10 @@
        NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fbd10abc057453789017f11c7f1fc8e6c61b79a3
        NOTE: For the particular attack to RSA, either (A) or (B) is enough. In
        NOTE: general cases, (A) plus (B) is needed.
-CVE-2017-7525
+CVE-2017-7525 [Deserialization vulnerability via readValue method of 
ObjectMapper]
        RESERVED
        - jackson-databind <unfixed>
+       NOTE: https://github.com/FasterXML/jackson-databind/issues/1599
 CVE-2017-7524 (tpm2-tools versions before 1.1.1 are vulnerable to a password 
leak due ...)
        - tpm2-tools <unfixed> (bug #866257)
        NOTE: 
https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r54322 - data/CVE

Reply via email to