https://bugzilla.redhat.com/show_bug.cgi?id=1665601
Doran Moppert <dmoppert(a)redhat.com> changed:
What: Whiteboard
Removed: impact=moderate,public=20181024,reported=20181220,source=cve,cvss3=5.3/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H,cwe=CWE-20,fuse-6/jackson-databind=notaffected,rhmap-4/jackson-databind=notaffected,sam-1/jackson-databind=notaffected,fedora-all/jackson-databind=notaffected,fuse-7/jackson-datatype-jsr310=new,jdv-6/jackson-databind=notaffected,amq-6/jackson-databind=notaffected,brms-6/jackson-databind=notaffected,eap-7/jackson-datatype-jsr310=affected,jdg-7/jackson-databind=notaffected,bpms-6/jackson-databind=notaffected,openshift-enterprise-2/jackson-databind=notaffected,rhev-m-4/rhvm-appliance=notaffected,eap-6/jackson-databind=notaffected,jon-3/Core Server=notaffected,vertx-3/jackson-databind=notaffected,swarm-7/jackson-databind=notaffected,rhn_satellite_6/jackson-databind=notaffected/impact=low,rhscl-3/rh-eclipse46-jackson-databind=notaffected,fis-2/jackson-databind=notaffected,rhscl-3/rh-maven35-jackson-databind=notaffected,rhel-8/jackson-databind=notaffected,rhpam-7/jackson-datatype-jsr310=new,rhdm-7/jackson-datatype-jsr310=new,rhsso-7/jackson-datatype-jsr310=new,fedora-all/jackson-datatype-jsr310=affected
Added: impact=moderate,public=20181024,reported=20181220,source=cve,cvss3=5.3/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H,cwe=CWE-20,fuse-6/jackson-databind=notaffected,rhmap-4/jackson-databind=notaffected,sam-1/jackson-databind=notaffected,fedora-all/jackson-databind=notaffected,fuse-7/jackson-datatype-jsr310=new,jdv-6/jackson-databind=notaffected,amq-6/jackson-databind=notaffected,brms-6/jackson-databind=notaffected,eap-7/jackson-datatype-jsr310=affected,jdg-7/jackson-databind=notaffected,bpms-6/jackson-databind=notaffected,openshift-enterprise-2/jackson-databind=notaffected,rhev-m-4/rhvm-appliance=defer/impact=low,eap-6/jackson-databind=notaffected,jon-3/Core Server=notaffected,vertx-3/jackson-databind=notaffected,swarm-7/jackson-databind=notaffected,rhn_satellite_6/jackson-databind=notaffected/impact=low,rhscl-3/rh-eclipse46-jackson-databind=notaffected,fis-2/jackson-databind=notaffected,rhscl-3/rh-maven35-jackson-databind=notaffected,rhel-8/jackson-databind=notaffected,rhpam-7/jackson-datatype-jsr310=new,rhdm-7/jackson-datatype-jsr310=new,rhsso-7/jackson-datatype-jsr310=new,fedora-all/jackson-datatype-jsr310=affected
--- Comment #6 from Doran Moppert <dmoppert(a)redhat.com> ---
rhvm-appliance includes the affected package eap7-jackson-datatype-jsr310, as a
dependency of eap7-wildfly, used by ovirt-engine. However, the deserialization
classes affected by this flaw are not used by Wildfly or oVirt, and thus cannot
be exposed to untrusted input. A future update will address this
vulnerability.