[Git][security-tracker-team/security-tracker][master] Reserve DLA-1703-1 for jackson-databind

[Markus Koschany]

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f1ffe83 by Markus Koschany at 2019-03-04T11:00:16Z
Reserve DLA-1703-1 for jackson-databind

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[04 Mar 2019] DLA-1703-1 jackson-databind - security update
+	{CVE-2018-11307 CVE-2018-12022 CVE-2018-12023 CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362}
+	[jessie] - jackson-databind 2.4.2-2+deb8u5
 [02 Mar 2019] DLA-1702-1 advancecomp - security update
 	{CVE-2018-1056 CVE-2019-9210}
 	[jessie] - advancecomp 1.19-1+deb8u1


=====================================
data/dla-needed.txt
=====================================
@@ -32,11 +32,6 @@ imagemagick (Roberto C. Sánchez)
   NOTE: new upstream version like the security team did with Graphicsmagick in
   NOTE: Stretch. (apo)
 --
-jackson-databind (Markus Koschany)
-  NOTE: 20190210: fix for all the CVEs is to add entries to a blacklist
-  NOTE: 20190210: this blacklist (class SubTypeValidator) is not available in Jessie
-  NOTE: 20190210: should that be backported or the CVEs marked as no-dsa?
---
 kde4libs (Hugo Lefeuvre)
 --
 libav



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1f1ffe839302a9b73d49bf69e6340d0fd5713d44

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1f1ffe839302a9b73d49bf69e6340d0fd5713d44
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190304/abfffab3/attachment.html>