https://bugzilla.redhat.com/show_bug.cgi?id=1506612
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Group|security, qe_staff |
CC| |abhgupta(a)redhat.com,
| |aileenc(a)redhat.com,
| |alazarot(a)redhat.com,
| |anstephe(a)redhat.com,
| |bmcclain(a)redhat.com,
| |cbillett(a)redhat.com,
| |dblechte(a)redhat.com,
| |drusso(a)redhat.com,
| |eedri(a)redhat.com,
| |etirelli(a)redhat.com,
| |felias(a)redhat.com,
| |gklein(a)redhat.com,
| |hchiorea(a)redhat.com,
| |hghasemb(a)redhat.com,
| |ibek(a)redhat.com,
| |java-sig-commits(a)lists.fedo
| |raproject.org,
| |jcoleman(a)redhat.com,
| |jmadigan(a)redhat.com,
| |jolee(a)redhat.com,
| |kpiwko(a)redhat.com,
| |kseifried(a)redhat.com,
| |kverlaen(a)redhat.com,
| |lef(a)fedoraproject.org,
| |lgriffin(a)redhat.com,
| |loleary(a)redhat.com,
| |lpetrovi(a)redhat.com,
| |lsurette(a)redhat.com,
| |mgoldboi(a)redhat.com,
| |miburman(a)redhat.com,
| |michal.skrivanek(a)redhat.com
| |, ngough(a)redhat.com,
| |nwallace(a)redhat.com,
| |paradhya(a)redhat.com,
| |pavelp(a)redhat.com,
| |pbraun(a)redhat.com,
| |pszubiak(a)redhat.com,
| |puntogil(a)libero.it,
| |pwright(a)redhat.com,
| |rbalakri(a)redhat.com,
| |Rhev-m-bugs(a)redhat.com,
| |rrajasek(a)redhat.com,
| |rsynek(a)redhat.com,
| |rzhang(a)redhat.com,
| |sdaley(a)redhat.com,
| |sherold(a)redhat.com,
| |spinder(a)redhat.com,
| |srevivo(a)redhat.com,
| |theute(a)redhat.com,
| |tiwillia(a)redhat.com,
| |tomckay(a)redhat.com,
| |vhalbert(a)redhat.com,
| |ykaul(a)redhat.com,
| |ylavi(a)redhat.com
Summary|EMBARGOED CVE-2017-15095 |CVE-2017-15095
|jackson-databind: Unsafe |jackson-databind: Unsafe
|deserialization due to |deserialization due to
|incomplete black list |incomplete black list
|(incomplete fix for |(incomplete fix for
|CVE-2017-7525) |CVE-2017-7525)
Whiteboard|impact=important,reported=2 |impact=important,public=201
|0171010,source=researcher,c |71102,reported=20171010,sou
|vss3=8.1/CVSS:3.0/AV:N/AC:H |rce=researcher,cvss3=8.1/CV
|/PR:N/UI:N/S:U/C:H/I:H/A:H, |SS:3.0/AV:N/AC:H/PR:N/UI:N/
|cwe=CWE-184,fedora-all/jack |S:U/C:H/I:H/A:H,cwe=CWE-184
|son-databind=affected,amq-6 |,fedora-all/jackson-databin
|/jackson-databind=notaffect |d=affected,amq-6/jackson-da
|ed,jdg-7/jackson-databind=n |tabind=notaffected,jdg-7/ja
|otaffected,jdv-6/jackson-da |ckson-databind=notaffected,
|tabind=notaffected,eap-7/ja |jdv-6/jackson-databind=nota
|ckson-databind=affected,bpm |ffected,eap-7/jackson-datab
|s-6/jackson-databind=notaff |ind=affected,bpms-6/jackson
|ected,brms-6/jackson-databi |-databind=notaffected,brms-
|nd=notaffected,fuse-6/jacks |6/jackson-databind=notaffec
|on-databind=notaffected,ope |ted,fuse-6/jackson-databind
|nshift-enterprise-2/jackson |=notaffected,openshift-ente
|-databind=notaffected,rhn_s |rprise-2/jackson-databind=n
|atellite_6/jackson-databind |otaffected,rhn_satellite_6/
|=affected,rhmap-4/jackson-d |jackson-databind=affected,r
|atabind=notaffected,sam-1/j |hmap-4/jackson-databind=not
|ackson-databind=wontfix,rhe |affected,sam-1/jackson-data
|v-m-3/jasperreports-server- |bind=wontfix,rhev-m-3/jaspe
|pro=wontfix/impact=moderate |rreports-server-pro=wontfix
|,rhev-m-4/eap7-jackson-data |/impact=moderate,rhev-m-4/e
|bind=wontfix/impact=moderat |ap7-jackson-databind=wontfi
|e,rhscl-3/rh-eclipse46-jack |x/impact=moderate,rhscl-3/r
|son-databind=affected,jon-3 |h-eclipse46-jackson-databin
|/Core |d=affected,jon-3/Core
|Server=notaffected,eap-6/ja |Server=notaffected,eap-6/ja
|ckson-databind=affected,dts |ckson-databind=affected,dts
|-4/devtoolset-4-jackson-dat |-4/devtoolset-4-jackson-dat
|abind=affected,rhscl-3/rh-m |abind=affected,rhscl-3/rh-m
|aven35-jackson-databind=aff |aven35-jackson-databind=aff
|ected |ected
--
You are receiving this mail because:
You are on the CC list for the bug.