Author: seb
Date: 2017-11-15 19:23:38 +0000 (Wed, 15 Nov 2017)
New Revision: 57662
Modified:
data/CVE/list
Log:
Correct version of jackson-databind affected by CVE-2017-15096 after DSA-4004-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-15 12:44:48 UTC (rev 57661)
+++ data/CVE/list 2017-11-15 19:23:38 UTC (rev 57662)
@@ -4590,7 +4590,7 @@
CVE-2017-15095 [Incomplete fixes for CVE-2017-7525]
RESERVED
- jackson-databind 2.9.1-1
- NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie
(2.8.6-1+deb8u1)
+ NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie
(2.4.2-2+deb8u1)
NOTE: misses the further sets of blacklists, in particular as well
NOTE: https://github.com/FasterXML/jackson-databind/commit/3bfbb835
NOTE: which was already for CVE-2017-7525 but then the further tickets
and patches
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
