FEDORA-2018-e4b025841e

security update in Fedora 27 for jackson-databind

Status: stable 2 years ago

Security fixes for CVE-2017-17485 and CVE-2018-5968.

How to install

sudo dnf upgrade --advisory=FEDORA-2018-e4b025841e

Comments 15

This update has been submitted for testing by mbooth.

This update has been pushed to testing.

works for me

karma: +1

mbooth edited this update.

New build(s):

  • jackson-databind-2.7.6-7.fc27

Removed build(s):

  • jackson-databind-2.7.6-6.fc27

Karma has been reset.

This update has been submitted for testing by mbooth.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for batched by mbooth.

mbooth edited this update.

New build(s):

  • jackson-databind-2.7.6-8.fc27

Removed build(s):

  • jackson-databind-2.7.6-7.fc27

Karma has been reset.

This update has been submitted for testing by mbooth.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for batched by mbooth.

This update has been submitted for stable by mbooth.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
medium
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago
modified 2 years ago

Related Bugs 4

00 #1528565 CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
00 #1530463 CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) [fedora-all]
00 #1538332 CVE-2018-5968 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)
00 #1538333 CVE-2018-5968 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485) [fedora-all]

Automated Test Results