From ad4f89c3b60e0262fbd47c4e48c401a54efe81a9 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 19 Jan 2021 07:30:44 +0100
Subject: Add CVE-2021-20190/jackson-databind

---
 data/CVE/list | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/data/CVE/list b/data/CVE/list
index 90dadb7fd3..0da572357b 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11967,6 +11967,12 @@ CVE-2021-20191
 	NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227
 CVE-2021-20190
 	RESERVED
+	- jackson-databind 2.12.1-1
+	[buster] - jackson-databind <no-dsa> (Minor issue)
+	NOTE: https://github.com/FasterXML/jackson-databind/issues/2854
+	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+	NOTE: but still an issue when Default Typing is enabled.
+	NOTE: https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a
 CVE-2021-20189
 	REJECTED
 CVE-2021-20188
-- 
cgit v1.2.3