[Git][security-tracker-team/security-tracker][master] Add CVE-2026-29062/jackson-core

Fri Mar 6 20:59:46 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d68b0c5 by Salvatore Bonaccorso at 2026-03-06T21:59:22+01:00
Add CVE-2026-29062/jackson-core

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -287,7 +287,11 @@ CVE-2026-29068 (PJSIP is a free and open source multimedia communication library
 CVE-2026-29065 (changedetection.io is a free open source web page change detection too ...)
 	NOT-FOR-US: changedetection.io
 CVE-2026-29062 (jackson-core contains core low-level incremental ("streaming") parser  ...)
-	TODO: check
+	- jackson-core <not-affected> (Vulnerable code specific to 3.0 series)
+	NOTE: https://github.com/FasterXML/jackson-core/security/advisories/GHSA-6v53-7c9g-w56r
+	NOTE: https://github.com/FasterXML/jackson-core/pull/1554
+	NOTE: https://github.com/FasterXML/jackson-core/commit/8b25fd67f20583e75fb09564ce1eaab06cd5a902 (jackson-core-3.1.0)
+	NOTE: CVE relates to CVE-2025-52999 but specific to the 3.0 series.
 CVE-2026-29061 (Gokapi is a self-hosted file sharing server with automatic expiration  ...)
 	NOT-FOR-US: Gokapi
 CVE-2026-29060 (Gokapi is a self-hosted file sharing server with automatic expiration  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d68b0c5e20d2f8848049253a67c066be78cca13

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d68b0c5e20d2f8848049253a67c066be78cca13
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260306/ef3f044b/attachment-0001.htm>
