Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
538d13fb by Markus Koschany at 2022-04-30T14:18:50+02:00
jackson-databind,CVE-2020-36518 fixed in unstable
- - - - -
1ffebba6 by Markus Koschany at 2022-04-30T14:19:22+02:00
Claim jackson-databind in dla-needed.txt
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -8707,7 +8707,7 @@ CVE-2021-46708 (The swagger-ui-dist package before 4.1.3
for Node.js could allow
- node-swagger-ui <itp> (bug #871461)
- swagger-ui <itp> (bug #895422)
CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow
exception a ...)
- - jackson-databind <unfixed> (bug #1007109)
+ - jackson-databind 2.13.2.2-1 (bug #1007109)
[bullseye] - jackson-databind <no-dsa> (Minor issue)
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2816
=====================================
data/dla-needed.txt
=====================================
@@ -68,7 +68,7 @@ icingaweb2 (Abhijith PA)
intel-microcode
NOTE: 20220213: please recheck
--
-jackson-databind
+jackson-databind (Markus Koschany)
NOTE: 20220320: wait for complete upstream fix (apo)
--
kicad
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c1a65777a9735156addc041287b0345105eaf11f...1ffebba629156935d6289cfd4ae4891e4d14532f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c1a65777a9735156addc041287b0345105eaf11f...1ffebba629156935d6289cfd4ae4891e4d14532f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
