[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] jackson-databind issues fixed in unstable with 2.9.4 new upstream version
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 26 06:21:14 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d57e3cd9 by Salvatore Bonaccorso at 2018-01-26T07:20:29+01:00
jackson-databind issues fixed in unstable with 2.9.4 new upstream version
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -895,7 +895,7 @@ CVE-2018-5970
CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via ...)
NOT-FOR-US: Photography CMS
CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 ...)
- - jackson-databind <unfixed> (bug #888316)
+ - jackson-databind 2.9.4-1 (bug #888316)
NOTE: https://github.com/FasterXML/jackson-databind/issues/1899
NOTE: https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05
CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter ...)
@@ -12539,7 +12539,7 @@ CVE-2017-17487
CVE-2017-17486
RESERVED
CVE-2017-17485 (FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 ...)
- - jackson-databind <unfixed> (bug #888318)
+ - jackson-databind 2.9.4-1 (bug #888318)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1528565#c0
NOTE: https://github.com/FasterXML/jackson-databind/issues/1855
CVE-2017-17484 (The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d57e3cd92b7c8a897c8f358edae7fe2d9328280d
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d57e3cd92b7c8a897c8f358edae7fe2d9328280d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180126/1a7aabc6/attachment.html>
More information about the Secure-testing-commits
mailing list