FEDORA-2018-bbf8c38b51

security update in Fedora 26 for jackson-databind

Status: stable 2 months ago

Security fixes for CVE-2017-17485 and CVE-2018-5968.

Comments 14

This update has been submitted for testing by mbooth.

This update has been pushed to testing.

mbooth edited this update.

New build(s):

  • jackson-databind-2.7.6-7.fc26

Removed build(s):

  • jackson-databind-2.7.6-6.fc26

Karma has been reset.

This update has been submitted for testing by mbooth.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for batched by mbooth.

mbooth edited this update.

New build(s):

  • jackson-databind-2.7.6-8.fc26

Removed build(s):

  • jackson-databind-2.7.6-7.fc26

Karma has been reset.

This update has been submitted for testing by mbooth.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for batched by mbooth.

This update has been submitted for stable by mbooth.

This update has been pushed to stable.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown.

-1 0 +1 Feedback Guidelines
#1528565 CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
#1530463 CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) [fedora-all]
#1538333 CVE-2018-5968 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485) [fedora-all]
#1538332 CVE-2018-5968 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)
Is the update generally functional?
Content Type
RPM
Status
stable
Test Gating Status
Tests Passed
Submitted by
Update Type
security
Update Severity
medium
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 3 months ago
in testing 3 months ago
in stable 2 months ago
modified 3 months ago

Related Bugs 4

00 #1528565 CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
00 #1530463 CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) [fedora-all]
00 #1538333 CVE-2018-5968 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485) [fedora-all]
00 #1538332 CVE-2018-5968 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)

Automated Test Results