[Git][security-tracker-team/security-tracker][master] Add CVE-2020-8840/jackson-databind
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 11 21:57:52 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
206d1fa9 by Salvatore Bonaccorso at 2020-02-11T22:56:15+01:00
Add CVE-2020-8840/jackson-databind
Note with 2.10 these issues are mitigated, the fixes are pending as well
for the 2.10 version. Mark this then later on with fixed version
entering unstable with the fix.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -87,7 +87,11 @@ CVE-2020-8842
CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...)
TODO: check
CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean- ...)
- TODO: check
+ - jackson-databind <unfixed>
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2620
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by
+ NOTE: but still an issue when Default Typing is enabled.
CVE-2020-8839
RESERVED
CVE-2015-9542
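Review bot: The sentence split across the last two added NOTE lines is incomplete. The first ends with "Safe Default Typing is enabled by" and the next starts with "but still an issue", so a word is missing at the line break (presumably "default"). Please complete the sentence so the mitigation statement for the 2.10 series reads unambiguously. It would also help to say in the NOTE itself, as the commit message does, that the fix is still pending for 2.10, since the entry is tracked as `<unfixed>` and readers of data/CVE/list will not see the commit message.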
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/206d1fa972208c613cdb04496656eb5dc0ff3851