[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-15095)
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1528565
Doran Moppert <dmoppert(a)redhat.com> changed:
What: Whiteboard
Removed: impact=important,public=20171212,reported=20171206,source=researcher,cvss3=8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H,eap-6/resteasy=notaffected,fedora-all/jackson-databind=new,jdg-7/jackson-databind=new,jon-3/resteasy=notaffected,openshift-enterprise-2/jackson-databind=new,dts-4/devtoolset-4-jackson-databind=wontfix,rhev-m-3/jasperreports-server-pro=new,rhev-m-4/eap7-jackson-databind=new,amq-6/jackson-databind=notaffected,bpms-6/jackson-databind=new,jdv-6/jackson-databind=new,fuse-6/jackson-databind=notaffected,rhmap-4/jackson-databind=notaffected,rhn_satellite_6/jackson-databind=new,rhscl-3/rh-eclipse46-jackson-databind=new,rhscl-3/rh-maven35-jackson-databind=new,sam-1/jackson-databind=wontfix,eap-7/resteasy=affected
Added: impact=important,public=20171212,reported=20171206,source=researcher,cvss3=8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H,eap-6/resteasy=notaffected,fedora-all/jackson-databind=affected,jdg-7/jackson-databind=new,jon-3/resteasy=notaffected,openshift-enterprise-2/jackson-databind=new,dts-4/devtoolset-4-jackson-databind=wontfix,rhev-m-3/jasperreports-server-pro=wontfix,rhev-m-4/eap7-jackson-databind=affected,amq-6/jackson-databind=notaffected,bpms-6/jackson-databind=new,jdv-6/jackson-databind=new,fuse-6/jackson-databind=notaffected,rhmap-4/jackson-databind=notaffected,rhn_satellite_6/jackson-databind=new,rhscl-3/rh-eclipse46-jackson-databind=affected,rhscl-3/rh-maven35-jackson-databind=affected,sam-1/jackson-databind=wontfix,eap-7/resteasy=affected
--
[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-15095)
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1528565
Tomas Hoger <thoger(a)redhat.com> changed:
What: Whiteboard
Removed: impact=important,public=20171212,reported=20171206,source=researcher,cvss3=8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H,eap-6/resteasy=notaffected,fedora-all/jackson-databind=new,jdg-7/jackson-databind=new,jon-3/resteasy=notaffected,openshift-enterprise-2/jackson-databind=new,dts-4/devtoolset-4-jackson-databind=new,rhev-m-3/jasperreports-server-pro=new,rhev-m-4/eap7-jackson-databind=new,amq-6/jackson-databind=notaffected,bpms-6/jackson-databind=new,jdv-6/jackson-databind=new,fuse-6/jackson-databind=notaffected,rhmap-4/jackson-databind=notaffected,rhn_satellite_6/jackson-databind=new,rhscl-3/rh-eclipse46-jackson-databind=new,rhscl-3/rh-maven35-jackson-databind=new,sam-1/jackson-databind=wontfix,eap-7/resteasy=affected
Added: impact=important,public=20171212,reported=20171206,source=researcher,cvss3=8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H,eap-6/resteasy=notaffected,fedora-all/jackson-databind=new,jdg-7/jackson-databind=new,jon-3/resteasy=notaffected,openshift-enterprise-2/jackson-databind=new,dts-4/devtoolset-4-jackson-databind=wontfix,rhev-m-3/jasperreports-server-pro=new,rhev-m-4/eap7-jackson-databind=new,amq-6/jackson-databind=notaffected,bpms-6/jackson-databind=new,jdv-6/jackson-databind=new,fuse-6/jackson-databind=notaffected,rhmap-4/jackson-databind=notaffected,rhn_satellite_6/jackson-databind=new,rhscl-3/rh-eclipse46-jackson-databind=new,rhscl-3/rh-maven35-jackson-databind=new,sam-1/jackson-databind=wontfix,eap-7/resteasy=affected