[Git][security-tracker-team/security-tracker][master] CVE-2021-46877 does not affect buster
Adrian Bunk (@bunk)
bunk at debian.org
Sun Apr 30 01:08:50 BST 2023
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
abafe136 by Adrian Bunk at 2023-04-30T03:08:14+03:00
CVE-2021-46877 does not affect buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8008,7 +8008,7 @@ CVE-2022-48422 (ONLYOFFICE Docs through 7.3 on certain Linux distributions allow
CVE-2021-46877 (jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before ...)
- jackson-databind 2.13.2.2-1
[bullseye] - jackson-databind <no-dsa> (Minor issue)
- [buster] - jackson-databind <no-dsa> (Minor issue)
+ [buster] - jackson-databind <not-affected> (Vulnerable code introduced in 2.10)
NOTE: https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw
NOTE: https://github.com/FasterXML/jackson-databind/issues/3328
NOTE: https://github.com/FasterXML/jackson-databind/commit/3ccde7d938fea547e598fdefe9a82cff37fed5cb (jackson-databind-2.12.6)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abafe1363e7f0612419984d8f0227f4ad67cd050
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abafe1363e7f0612419984d8f0227f4ad67cd050
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230430/69bc102f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list