[Git][security-tracker-team/security-tracker][master] 2 commits: jackson-databind,CVE-2020-36518 fixed in unstable
Markus Koschany (@apo)
apo at debian.org
Sat Apr 30 13:19:46 BST 2022
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
538d13fb by Markus Koschany at 2022-04-30T14:18:50+02:00
jackson-databind,CVE-2020-36518 fixed in unstable
- - - - -
1ffebba6 by Markus Koschany at 2022-04-30T14:19:22+02:00
Claim jackson-databind in dla-needed.txt
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -8707,7 +8707,7 @@ CVE-2021-46708 (The swagger-ui-dist package before 4.1.3 for Node.js could allow
- node-swagger-ui <itp> (bug #871461)
- swagger-ui <itp> (bug #895422)
CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow exception a ...)
- - jackson-databind <unfixed> (bug #1007109)
+ - jackson-databind 2.13.2.2-1 (bug #1007109)
[bullseye] - jackson-databind <no-dsa> (Minor issue)
[buster] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2816
=====================================
data/dla-needed.txt
=====================================
@@ -68,7 +68,7 @@ icingaweb2 (Abhijith PA)
intel-microcode
NOTE: 20220213: please recheck
--
-jackson-databind
+jackson-databind (Markus Koschany)
NOTE: 20220320: wait for complete upstream fix (apo)
--
kicad
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c1a65777a9735156addc041287b0345105eaf11f...1ffebba629156935d6289cfd4ae4891e4d14532f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c1a65777a9735156addc041287b0345105eaf11f...1ffebba629156935d6289cfd4ae4891e4d14532f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220430/22a69aa1/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list