[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-7489/jackson-databind fixed in unstable
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 27 19:12:42 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6d6820e5 by Salvatore Bonaccorso at 2018-03-27T21:12:19+02:00
CVE-2018-7489/jackson-databind fixed in unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3911,7 +3911,7 @@ CVE-2018-7490 (uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use o
NOTE: https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
NOTE: https://blog.runesec.com/2018/03/01/uwsgi-path-traversal/
CVE-2018-7489 (FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 ...)
- - jackson-databind <unfixed> (bug #891614)
+ - jackson-databind 2.9.5-1 (bug #891614)
NOTE: https://github.com/FasterXML/jackson-databind/issues/1931
NOTE: https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2
CVE-2018-7488
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d6820e559046c4cb489aca373781a4828ea64a6
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d6820e559046c4cb489aca373781a4828ea64a6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180327/8fbabdbd/attachment.html>
More information about the Secure-testing-commits
mailing list