[Git][security-tracker-team/security-tracker][master] unclaim jackson-databind, not sure what to do in this case
Thorsten Alteholz
alteholz at debian.org
Sun Feb 10 19:23:02 GMT 2019
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fcbcadad by Thorsten Alteholz at 2019-02-10T19:24:48Z
unclaim jackson-databind, not sure what to do in this case
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=====================================
data/dla-needed.txt
=====================================
@@ -47,7 +47,10 @@ imagemagick
NOTE: new upstream version like the security team did with Graphicsmagick in
NOTE: Stretch. (apo)
--
-jackson-databind (Thorsten Alteholz)
+jackson-databind
+ NOTE: 20190210: fix for all the CVEs is to add entries to a blacklist
+ NOTE: 20190210: this blacklist (class SubTypeValidator) is not available in Jessie
+ NOTE: 20190210: should that be backported or the CVEs marked as no-dsa?
--
libav (Mike Gabriel)
NOTE: 20190131: Re-added after ~deb8u5 upload. Still not done, yet.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fcbcadadd5fbe091c6497c61196ed5602ffa8188
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fcbcadadd5fbe091c6497c61196ed5602ffa8188
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190210/a83c31ce/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list