[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged jackson-databind entries which got a DLA
Salvatore Bonaccorso
carnil at debian.org
Sun Apr 25 06:58:10 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
081b205c by Salvatore Bonaccorso at 2021-04-25T07:57:02+02:00
Remove no-dsa tagged jackson-databind entries which got a DLA
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20787,7 +20787,6 @@ CVE-2021-22697 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulne
CVE-2020-36189 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2996
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -20795,7 +20794,6 @@ CVE-2020-36189 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
CVE-2020-36188 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2996
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -20803,7 +20801,6 @@ CVE-2020-36188 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
CVE-2020-36187 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2997
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -20811,7 +20808,6 @@ CVE-2020-36187 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
CVE-2020-36186 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2997
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -20819,7 +20815,6 @@ CVE-2020-36186 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
CVE-2020-36185 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2998
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -20827,7 +20822,6 @@ CVE-2020-36185 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
CVE-2020-36184 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2998
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -20835,7 +20829,6 @@ CVE-2020-36184 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
CVE-2020-36183 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/3003
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -20843,7 +20836,6 @@ CVE-2020-36183 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
CVE-2020-36182 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -20851,7 +20843,6 @@ CVE-2020-36182 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
CVE-2020-36181 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -20859,7 +20850,6 @@ CVE-2020-36181 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
CVE-2020-36180 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -20867,7 +20857,6 @@ CVE-2020-36180 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
CVE-2020-36179 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -24540,7 +24529,6 @@ CVE-2020-35729 (KLog Server 2.4.1 allows OS command injection via shell metachar
CVE-2020-35728 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2999
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -28219,7 +28207,6 @@ CVE-2021-20191
CVE-2021-20190 (A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishan ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2854
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -28733,7 +28720,6 @@ CVE-2020-35492 (A flaw was found in cairo's image-compositor.c in all versions p
CVE-2020-35491 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2986
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -28741,7 +28727,6 @@ CVE-2020-35491 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
CVE-2020-35490 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2986
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -46601,7 +46586,6 @@ CVE-2020-24751
CVE-2020-24750 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2798
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -46896,7 +46880,6 @@ CVE-2020-24617 (Mailtrain through 1.24.1 allows SQL Injection in statsClickedSub
CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
- [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2814
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/081b205c01ee1b8c74b35873751c6d911307b67a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/081b205c01ee1b8c74b35873751c6d911307b67a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210425/b26e92b6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list