[Git][security-tracker-team/security-tracker][master] Track fixed version for libjackson-json-java issues
Salvatore Bonaccorso
carnil at debian.org
Sun Sep 20 09:07:48 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dd48819f by Salvatore Bonaccorso at 2020-09-20T10:07:20+02:00
Track fixed version for libjackson-json-java issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -90264,7 +90264,7 @@ CVE-2019-10173 (It was found that xstream API version 1.4.10 before 1.4.11 intro
NOTE: Regression introduced and present only in 1.4.10.
CVE-2019-10172 (A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libr ...)
{DLA-2342-1 DLA-2091-1}
- - libjackson-json-java <unfixed>
+ - libjackson-json-java 1.9.13-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1715075
NOTE: https://stackoverflow.com/questions/38017676/small-fix-for-cve-2016-3720-with-older-versions-of-jackson-all-1-9-11-and-in-ja/38017721
NOTE: https://github.com/FasterXML/jackson-1/pull/1
@@ -180109,7 +180109,7 @@ CVE-2017-15096 (A flaw was found in GlusterFS in versions prior to 3.10. A null
CVE-2017-15095 (A deserialization flaw was discovered in the jackson-databind in versi ...)
{DSA-4037-1 DLA-2342-1 DLA-2091-1}
- jackson-databind 2.9.1-1
- - libjackson-json-java <unfixed>
+ - libjackson-json-java 1.9.13-2
NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie (2.4.2-2+deb8u1)
NOTE: misses the further sets of blacklists, in particular as well
NOTE: https://github.com/FasterXML/jackson-databind/commit/3bfbb835
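Review bot: On the CVE-2017-15095 entry, the unchanged NOTE directly below the new `- libjackson-json-java 1.9.13-2` line says the 2.8.6-1+deb9u1 and 2.4.2-2+deb8u1 uploads miss the further sets of blacklists, and it says nothing about libjackson-json-java. With that package now marked fixed, a reader cannot tell whether 1.9.13-2 carries the complete blacklist. Suggest adding a `NOTE: For libjackson-json-java:` line with the relevant jackson-1 commit, as the CVE-2017-7525 entry has.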
@@ -203312,7 +203312,7 @@ CVE-2017-7526 (libgcrypt before version 1.7.8 is vulnerable to a cache side-chan
CVE-2017-7525 (A deserialization flaw was discovered in the jackson-databind, version ...)
{DSA-4004-1 DLA-2342-1 DLA-2091-1}
- jackson-databind 2.9.1-1 (bug #870848)
- - libjackson-json-java <unfixed>
+ - libjackson-json-java 1.9.13-2
NOTE: https://github.com/FasterXML/jackson-databind/issues/1599
NOTE: For libjackson-json-java:
NOTE: https://github.com/FasterXML/jackson-1/commit/9ac68db819bce7b9546bc4bf1c44f82ca910fa31
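Review bot: In the CVE-2017-7525 entry the jackson-databind line carries `(bug #870848)` while the new `- libjackson-json-java 1.9.13-2` line has no bug reference. If a Debian bug tracked this issue for libjackson-json-java, add it on the package line. The existing `NOTE: For libjackson-json-java:` commit link already covers the upstream side.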
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd48819fa85856b7814f4c4658052946f5eaea49