Summary: | dev-java/jackson-databind: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | java, treecleaner |
Priority: | Normal | Keywords: | PMASKED |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/FasterXML/jackson-databind/issues/1855 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=699106 | ||
Whiteboard: | ~2 [upstream/ebuild] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 648952, 674670, 675156, 675650 | ||
Deadline: | 2019-05-12 |
Description
D'juan McDonald (domhnall)
2019-01-17 10:36:59 UTC
How to check: 1. get source file 2. jackson-databind is included in pom.xml 3. grep for "<artifactId>jackson-databind</artifactId>" and version is affected listed in Affection section. 4.check whether the `enableDefaultTyping` method is called in the code. If yes for 2,3,4... package is affected. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad77bce60d04e76bd37cbfc87cf35cb58a0f8a92 commit ad77bce60d04e76bd37cbfc87cf35cb58a0f8a92 Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2019-04-13 03:21:11 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2019-04-13 03:22:33 +0000 profiles/package.mask: add dev-java/jackson-databind * Multiple security vulnerabilities * No revbump in several years Bug: https://bugs.gentoo.org/675682 Signed-off-by: Aaron Bauman <bman@gentoo.org> profiles/package.mask | 12 ++++++++++++ 1 file changed, 12 insertions(+) Package removed from the Portage tree. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6599dc1625a0840c6280b60cc6cacf388fc8d049 |