[Git][security-tracker-team/security-tracker][master] Add four new jackson-databind issues

Salvatore Bonaccorso carnil at debian.org
Thu Jan 10 20:56:38 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
027c1de7 by Salvatore Bonaccorso at 2019-01-10T20:55:26Z
Add four new jackson-databind issues

All four CVE-2018-14718, CVE-2018-14719, CVE-2018-14720 and
CVE-2018-14721 already adressed in unstable upload with the 2.9.8-1
upload.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27606,13 +27606,21 @@ CVE-2018-14722 (An issue was discovered in evaluate_auto_mountpoint in ...)
 	- btrfsmaintenance 0.4.1-2 (bug #906131)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1102721
 CVE-2018-14721 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote ...)
-	TODO: check
+	- jackson-databind 2.9.8-1
+	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
+	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
 CVE-2018-14720 (FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to ...)
-	TODO: check
+	- jackson-databind 2.9.8-1
+	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
+	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
 CVE-2018-14719 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote ...)
-	TODO: check
+	- jackson-databind 2.9.8-1
+	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
+	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
 CVE-2018-14718 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote ...)
-	TODO: check
+	- jackson-databind 2.9.8-1
+	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
+	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
 CVE-2018-14717
 	RESERVED
 CVE-2018-14716 (A Server Side Template Injection (SSTI) was discovered in the SEOmatic ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/027c1de7d5c82e9cc80525207045e0d8656f661b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/027c1de7d5c82e9cc80525207045e0d8656f661b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190110/b486b480/attachment.html>

More information about the debian-security-tracker-commits mailing list