Skip to content
GitLab
Explore
Sign in
Register
Commits on Source (5)
Fix CVE-2019-16942
· 2ee96a30
Markus Koschany
authored
Oct 03, 2019
2ee96a30
Update changelog
· 712b3220
Markus Koschany
authored
Oct 03, 2019
712b3220
Drop CVE-2019-16942.patch
· aa47aaf2
Markus Koschany
authored
Oct 03, 2019
aa47aaf2
Refresh CVE patch
· 0bc9aa2a
Markus Koschany
authored
Oct 03, 2019
0bc9aa2a
Update changelog
· 97e74444
Markus Koschany
authored
Oct 03, 2019
97e74444
Show whitespace changes
Inline
Side-by-side
debian/changelog
View file @
97e74444
jackson-databind (2.10.0-2) unstable; urgency=high
* Fix CVE-2019-16942 and CVE-2019-16943.
Block two more gadget types (commons-dbcp, p6spy). (Closes: #941530)
-- Markus Koschany <apo@debian.org> Thu, 03 Oct 2019 15:48:58 +0200
jackson-databind (2.10.0-1) unstable; urgency=medium
* Team upload.
...
...
debian/patches/CVE-2019-16942-and-CVE-2019-16943.patch
0 → 100644
View file @
97e74444
From: Markus Koschany <apo@debian.org>
Date: Thu, 3 Oct 2019 15:56:30 +0200
Subject: CVE-2019-16942 and CVE-2019-16943
Forwarded: not-needed
---
.../fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index e54149e..4215b4e 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -112,6 +112,10 @@
public class SubTypeValidator
// [databind#2469]: xalan2
s.add("org.apache.xalan.lib.sql.JNDIConnectionPool");
+ // [databind#2478]: comons-dbcp, p6spy
+ s.add("org.apache.commons.dbcp.datasources.SharedPoolDataSource");
+ s.add("com.p6spy.engine.spy.P6DataSource");
+
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
}
debian/patches/base-pom.patch
View file @
97e74444
...
...
@@ -11,7 +11,7 @@ Forwarded: not-needed
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index
b031f65..c6660ac
100644
index
95fdb10..4ee8e91
100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
...
...
debian/patches/series
View file @
97e74444
base-pom.patch
CVE-2019-16942-and-CVE-2019-16943.patch