[Git][security-tracker-team/security-tracker][master] Triage CVE-2020-36179 → CVE-2020-36189 in jackson-databind for stretch LTS.
Chris Lamb
lamby at debian.org
Fri Jan 8 08:47:26 GMT 2021
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f3529fa0 by Chris Lamb at 2021-01-08T08:46:42+00:00
Triage CVE-2020-36179 → CVE-2020-36189 in jackson-databind for stretch LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1059,66 +1059,77 @@ CVE-2021-22697
CVE-2020-36189 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue)
+ [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2996
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-36188 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue)
+ [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2996
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-36187 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue)
+ [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2997
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-36186 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue)
+ [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2997
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-36185 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue)
+ [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2998
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-36184 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue)
+ [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2998
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-36183 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue)
+ [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/3003
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-36182 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue)
+ [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-36181 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue)
+ [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-36180 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue)
+ [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-36179 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue)
+ [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3529fa07b223aff91de7ca1599ebb2e020a67c0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3529fa07b223aff91de7ca1599ebb2e020a67c0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210108/39bedf4c/attachment.html>
More information about the debian-security-tracker-commits
mailing list