[Git][security-tracker-team/security-tracker][master] new libjackson-json-java issue

Mon Nov 25 08:00:58 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7cab30f8 by Moritz Muehlenhoff at 2019-11-25T08:00:33Z
new libjackson-json-java issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29321,7 +29321,9 @@ CVE-2019-10173 (It was found that xstream API version 1.4.10 before 1.4.11 intro
 	NOTE: http://x-stream.github.io/changes.html#1.4.11
 	NOTE: Regression introduced and present only in 1.4.10.
 CVE-2019-10172 (A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libr ...)
-	TODO: check
+	- libjackson-json-java <unfixed>
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1715075
+	NOTE: https://stackoverflow.com/questions/38017676/small-fix-for-cve-2016-3720-with-older-versions-of-jackson-all-1-9-11-and-in-ja/38017721
 CVE-2019-10171 (It was found that the fix for CVE-2018-14648 in 389-ds-base, versions  ...)
 	- 389-ds-base <not-affected> (Incomplete RHEL backport)
 CVE-2019-10170



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7cab30f8f60d1423b9f1725fb77513e6760d1237

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7cab30f8f60d1423b9f1725fb77513e6760d1237
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191125/5252b44d/attachment.html>
