Summary: | <dev-java/jackson-databind-2.13.4.1: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | java |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://github.com/gentoo/gentoo/pull/27763 https://github.com/gentoo/gentoo/pull/27868 |
||
Whiteboard: | B3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 877161 | ||
Bug Blocks: |
Description
John Helmert III
2022-10-02 12:39:46 UTC
vaukai, are both of these patches in 2.13.4.1? (In reply to John Helmert III from comment #1) > vaukai, are both of these patches in 2.13.4.1? If I don't misread https://github.com/FasterXML/jackson-databind/issues/3590#issuecomment-1276691918 I'd say yes. Indeed, thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1702e89d38d5cb36e5e5f07fed89292cf2a603bc commit 1702e89d38d5cb36e5e5f07fed89292cf2a603bc Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2022-10-13 05:37:39 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2022-10-14 18:42:41 +0000 dev-java/jackson-databind: add 2.13.4.1, drop 2.13.4 Bug: https://bugs.gentoo.org/874033 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> dev-java/jackson-databind/Manifest | 2 +- ...kson-databind-2.13.4.ebuild => jackson-databind-2.13.4.1.ebuild} | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) Thanks! Please stabilize when ready The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c6207b924ced00516afb75774bb3432e8064d6b commit 8c6207b924ced00516afb75774bb3432e8064d6b Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2022-10-20 12:20:55 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2022-10-20 16:31:54 +0000 dev-java/jackson-databind: drop 2.13.3 Closes: https://bugs.gentoo.org/832693 Bug: https://bugs.gentoo.org/874033 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> dev-java/jackson-databind/Manifest | 1 - .../jackson-databind-2.13.3.ebuild | 83 ---------------------- 2 files changed, 84 deletions(-) GLSA request filed. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=9fffe4ab96a075d745848223a2c479909aa5003f commit 9fffe4ab96a075d745848223a2c479909aa5003f Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-31 01:15:38 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-31 01:40:15 +0000 [ GLSA 202210-21 ] FasterXML jackson-databind: Multiple vulnerabilities Bug: https://bugs.gentoo.org/874033 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-21.xml | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) GLSA released, all done! |