From b9fe0a3e46057ce78b493be9fb50c0b7812fde95 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 8 Apr 2020 22:01:49 +0200
Subject: Mark several jackson-databind issues as no-dsa

---
 data/CVE/list.2019 | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'data/CVE/list.2019')

diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index ab1e3bdf9f..c5c64b4146 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -765,6 +765,8 @@ CVE-2019-20331
 CVE-2019-20330 (FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.eh ...)
 	{DLA-2111-1}
 	- jackson-databind 2.10.1-1
+	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2526
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/fc4214a883dc087070f25da738ef0d49c2f3387e
 CVE-2019-20329 (OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL serv ...)
@@ -7865,6 +7867,8 @@ CVE-2019-17532 (An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.
 CVE-2019-17531 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
 	{DLA-2030-1}
 	- jackson-databind 2.10.1-1
+	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2498
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/b5a304a98590b6bb766134f9261e6566dcbbb6d0
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -8446,6 +8450,8 @@ CVE-2019-17268 (The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on
 CVE-2019-17267 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
 	{DLA-2030-1}
 	- jackson-databind 2.10.0-1
+	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2460
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/191a4cdf87b56d2ddddb77edd895ee756b7f75eb
 CVE-2019-17266 (libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer ove ...)
-- 
cgit v1.2.3