[Secure-testing-commits] r57678 - in data: . DSA

Thu Nov 16 11:36:49 UTC 2017

Author: seb
Date: 2017-11-16 11:36:49 +0000 (Thu, 16 Nov 2017)
New Revision: 57678

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
Reserve DSA-4037-1 for jackson-databind (CVE-2017-15095)

Modified: data/DSA/list
===================================================================

--- data/DSA/list	2017-11-16 10:11:39 UTC (rev 57677)
+++ data/DSA/list	2017-11-16 11:36:49 UTC (rev 57678)
@@ -1,3 +1,7 @@
+[16 Nov 2017] DSA-4037-1 jackson-databind - security update
+	{CVE-2017-15095}
+	[jessie] - jackson-databind 2.4.2-2+deb8u2
+	[stretch] - jackson-databind 2.8.6-1+deb9u2
 [15 Nov 2017] DSA-4036-1 mediawiki - security update
 	{CVE-2017-8808 CVE-2017-8809 CVE-2017-8810 CVE-2017-8811 CVE-2017-8812 CVE-2017-8814 CVE-2017-8815}
 	[stretch] - mediawiki 1:1.27.4-1~deb9u1

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2017-11-16 10:11:39 UTC (rev 57677)
+++ data/dsa-needed.txt	2017-11-16 11:36:49 UTC (rev 57678)
@@ -18,9 +18,6 @@
 --
 imagemagick/oldstable (jmm)
 --
-jackson-databind (seb)
-  For CVE-2017-15095 (see notes for missing commits)
---
 libav/oldstable
   We can ship the next libav 11.x point release when available
 --


