Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: ce7864de by Markus Koschany at 2022-11-27T19:50:08+01:00 Reserve DLA-3207-1 for jackson-databind - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -55199,7 +55199,6 @@ CVE-2021-46708 (The swagger-ui-dist package before 4.1.3 for Node.js could allow CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow exception a ...) {DSA-5283-1 DLA-2990-1} - jackson-databind 2.13.2.2-1 (bug #1007109) - [buster] - jackson-databind <no-dsa> (Minor issue) NOTE: https://github.com/FasterXML/jackson-databind/issues/2816 CVE-2018-25031 (Swagger UI before 4.1.3 could allow a remote attacker to conduct spoof ...) - node-swagger-ui <itp> (bug #871461) ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[27 Nov 2022] DLA-3207-1 jackson-databind - security update + {CVE-2020-36518 CVE-2022-42003 CVE-2022-42004} + [buster] - jackson-databind 2.9.8-3+deb10u4 [26 Nov 2022] DLA-3206-1 heimdal - security update {CVE-2019-14870 CVE-2021-3671 CVE-2021-44758 CVE-2022-3437 CVE-2022-41916 CVE-2022-42898 CVE-2022-44640} [buster] - heimdal 7.5.0+dfsg-3+deb10u1 ===================================== data/dla-needed.txt ===================================== @@ -93,9 +93,6 @@ ini4j NOTE: 20221012: Programming language: Java. NOTE: 20221012: Require investigation (lamby) -- -jackson-databind (Markus Koschany) - NOTE: 20221030: Programming language: Java. --- jhead NOTE: 20221031: Programming language: C. NOTE: 20221031: Note that multiple options are vulnerable. The attacker have to trick someone to execute the command but arbitrary code exectuion is not good.. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce7864debc3bf998f83a9cf99927a672c729d72a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce7864debc3bf998f83a9cf99927a672c729d72a You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits