[Git][java-team/jackson-databind][stretch] Update changelog
Markus Koschany
gitlab at salsa.debian.org
Thu Jul 9 16:38:32 BST 2020
Markus Koschany pushed to branch stretch at Debian Java Maintainers / jackson-databind
Commits:
48d7dab2 by Markus Koschany at 2020-07-09T17:37:51+02:00
Update changelog
- - - - -
2 changed files:
- debian/changelog
- debian/patches/multiple-CVE-BeanDeserializerFactory.patch
Changes:
=====================================
debian/changelog
=====================================
@@ -2,11 +2,12 @@ jackson-databind (2.8.6-1+deb9u7) stretch; urgency=medium
* Add multiple-CVE-BeanDeserializerFactory.patch and block more classes from
polymorphic deserialization.
- This fixes 17 CVE that currently affect the package namely,
+ This fixes 20 CVE that currently affect the package namely,
CVE-2020-9548, CVE-2020-9547, CVE-2020-9546, CVE-2020-8840, CVE-2020-14195,
CVE-2020-14062, CVE-2020-14061, CVE-2020-14060, CVE-2020-11620,
CVE-2020-11619, CVE-2020-11113, CVE-2020-11112, CVE-2020-11111,
- CVE-2020-10969, CVE-2020-10968, CVE-2020-10673, CVE-2020-10672.
+ CVE-2020-10969, CVE-2020-10968, CVE-2020-10673, CVE-2020-10672,
+ CVE-2019-20330, CVE-2019-17531 and CVE-2019-17267.
-- Markus Koschany <apo at debian.org> Thu, 09 Jul 2020 16:42:01 +0200
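Review bot: Confirm that 2.8.6-1+deb9u7 has not been uploaded before amending its entry in place. The hunk header shows the entry already targeting "stretch", and the trailer line stays at "Thu, 09 Jul 2020 16:42:01 +0200" even though the text changes. If that version is already in the archive, CVE-2019-20330, CVE-2019-17531 and CVE-2019-17267 belong in a new entry so the published changelog and the CVE tracking data stay in agreement. The enumerated list does add up to 20. As a style point on the changed line, "This fixes 20 CVE that currently affect the package namely," would read better as "This fixes 20 CVEs that currently affect the package, namely".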
=====================================
debian/patches/multiple-CVE-BeanDeserializerFactory.patch
=====================================
@@ -6,7 +6,8 @@ This is the fix for
CVE-2020-9548, CVE-2020-9547, CVE-2020-9546, CVE-2020-8840, CVE-2020-14195,
CVE-2020-14062, CVE-2020-14061, CVE-2020-14060, CVE-2020-11620, CVE-2020-11619,
CVE-2020-11113, CVE-2020-11112, CVE-2020-11111, CVE-2020-10969, CVE-2020-10968,
-CVE-2020-10673, CVE-2020-10672
+CVE-2020-10673, CVE-2020-10672, CVE-2019-20330, CVE-2019-17531 and
+CVE-2019-17267.
---
.../databind/deser/BeanDeserializerFactory.java | 109 ++++++++++++++++++---
1 file changed, 96 insertions(+), 13 deletions(-)
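Review bot: The patch header now credits this patch with CVE-2019-20330, CVE-2019-17531 and CVE-2019-17267, but the diffstat in the context lines is unchanged (96 insertions, 13 deletions in BeanDeserializerFactory.java) and no hunk touches the patch body. The claim therefore depends on the classes already blocked from polymorphic deserialization covering the gadget types behind those three CVEs. Please say so in the header, ideally naming the blocked class for each of the three identifiers, so the claim can be checked against the patch rather than taken on trust. The commit message "Update changelog" also does not mention that the patch header is edited.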
View it on GitLab: https://salsa.debian.org/java-team/jackson-databind/-/commit/48d7dab2f85d8dcf9734521982601e2711913750