[Git][security-tracker-team/security-tracker][master] 2 commits: Move the libjackson-json-java CVE-2017-7525 note to the correct CVE
Adrian Bunk
bunk at debian.org
Sat Nov 30 21:09:36 GMT 2019
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
42d593db by Adrian Bunk at 2019-11-30T21:00:39Z
Move the libjackson-json-java CVE-2017-7525 note to the correct CVE
- - - - -
c8665ec4 by Adrian Bunk at 2019-11-30T21:09:22Z
Reserve DLA-2018-1 for proftpd-dfsg
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -143026,11 +143026,11 @@ CVE-2017-7525 (A deserialization flaw was discovered in the jackson-databind, ve
- jackson-databind 2.9.1-1 (bug #870848)
- libjackson-json-java <unfixed>
NOTE: https://github.com/FasterXML/jackson-databind/issues/1599
+ NOTE: For libjackson-json-java:
+ NOTE: https://github.com/FasterXML/jackson-1/commit/9ac68db819bce7b9546bc4bf1c44f82ca910fa31
CVE-2017-7524 (tpm2-tools versions before 1.1.1 are vulnerable to a password leak due ...)
- tpm2-tools 2.1.0-1 (bug #866257)
NOTE: https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157
- NOTE: For libjackson-json-java:
- NOTE: https://github.com/FasterXML/jackson-1/commit/9ac68db819bce7b9546bc4bf1c44f82ca910fa31
CVE-2017-7523 (Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buff ...)
NOT-FOR-US: Cygwin
CVE-2017-7522 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to deni ...)
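Review bot: The two NOTE lines added under CVE-2017-7525 give a jackson-1 commit URL without saying what that commit is, while `- libjackson-json-java <unfixed>` stays unchanged. Stating the link's role in the note itself (for example whether it is the upstream fix to backport) would tell the next reader if the package can be fixed from that commit. Since this pair had ended up under CVE-2017-7524 (tpm2-tools), it is also worth checking the neighbouring entries for other notes attached to the wrong CVE.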
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Nov 2019] DLA-2018-1 proftpd-dfsg - security update
+ {CVE-2019-19269}
+ [jessie] - proftpd-dfsg 1.3.5e+r1.3.5-2+deb8u5
[30 Nov 2019] DLA-2017-1 asterisk - security update
{CVE-2019-13161 CVE-2019-18610 CVE-2019-18790}
[jessie] - asterisk 1:11.13.1~dfsg-2+deb8u7
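Review bot: In the new DLA-2018-1 entry, the `[jessie]` line already records `proftpd-dfsg 1.3.5e+r1.3.5-2+deb8u5` although the commit subject only says the ID is being reserved. Confirm that string matches the version in the changelog of the actual upload, and correct it in a follow-up if the upload differs. The same goes for `{CVE-2019-19269}`: the entry lists a single ID, so check it against what the upload fixes.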
=====================================
data/dla-needed.txt
=====================================
@@ -101,8 +101,6 @@ php-horde-trean (Roberto C. Sánchez)
NOTE: 20191118: Upstream closed the ticket related to CVE-2019-12095, indicating that it is low priority for them. (roberto)
NOTE: 20191126: Corresponding with security team regarding CVE assignments. (roberto)
--
-proftpd-dfsg (Adrian Bunk)
---
python-reportlab (Hugo Lefeuvre)
NOTE: 20191123: still no upstream fix
--
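Review bot: Dropping `proftpd-dfsg (Adrian Bunk)` from dla-needed.txt removes the package's entry, and that entry carried no NOTE lines recording which issues it covered. If anything beyond CVE-2019-19269 (the only ID in the DLA-2018-1 entry added to data/DLA/list) was pending for jessie, keep the entry with a dated NOTE instead of removing it.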
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/86cd397914a518d834c1ac363c47268235843aa2...c8665ec4e17389bb363d3c340bd6b41ecda75daf