[Secure-testing-commits] r57236 - data/CVE

Thu Nov 2 09:48:45 UTC 2017

Author: carnil
Date: 2017-11-02 09:48:45 +0000 (Thu, 02 Nov 2017)
New Revision: 57236

Modified:
   data/CVE/list
Log:
Expand more note on CVE-2017-15095

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-11-02 09:46:36 UTC (rev 57235)
+++ data/CVE/list	2017-11-02 09:48:45 UTC (rev 57236)
@@ -3634,6 +3634,9 @@
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/1737
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/e8f043d1
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/ddfddfba
+	NOTE: This CVE-2017-15095 should be considered to include everything in
+	NOTE: NO_DESER_CLASS_NAMES as of:
+	NOTE: https://github.com/FasterXML/jackson-databind/blob/7093008aa2afe8068e120df850189ae072dfa1b2/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java#L43
 	NOTE: Details: http://www.openwall.com/lists/oss-security/2017/11/02/3
 CVE-2017-15094
 	RESERVED


