Author: seb Date: 2017-11-15 19:23:38 +0000 (Wed, 15 Nov 2017) New Revision: 57662
Modified: data/CVE/list Log: Correct version of jackson-databind affected by CVE-2017-15096 after DSA-4004-1 Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-15 12:44:48 UTC (rev 57661) +++ data/CVE/list 2017-11-15 19:23:38 UTC (rev 57662) @@ -4590,7 +4590,7 @@ CVE-2017-15095 [Incomplete fixes for CVE-2017-7525] RESERVED - jackson-databind 2.9.1-1 - NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie (2.8.6-1+deb8u1) + NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie (2.4.2-2+deb8u1) NOTE: misses the further sets of blacklists, in particular as well NOTE: https://github.com/FasterXML/jackson-databind/commit/3bfbb835 NOTE: which was already for CVE-2017-7525 but then the further tickets and patches _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits