commit patchinfo.15700 for openSUSE:Leap:15.2:Update
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package patchinfo.15700 for openSUSE:Leap:15.2:Update checked in at 2021-02-01 14:11:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/patchinfo.15700 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.patchinfo.15700.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "patchinfo.15700" Mon Feb 1 14:11:40 2021 rev:1 rq:867695 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="15700"> <issue tracker="cve" id="2021-20190"/> <issue tracker="cve" id="2020-35728"/> <issue tracker="cve" id="2020-25649"/> <issue tracker="bnc" id="1181118">VUL-0: CVE-2021-20190: jackson-databind: SSRF due to mishandling interaction between serialization gadgets and typing</issue> <issue tracker="bnc" id="1180391">VUL-0: CVE-2020-35728: jackson-databind: mishandles the interaction between serialization gadgets and typing</issue> <issue tracker="bnc" id="1177616">VUL-0: CVE-2020-25649: jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)</issue> <packager>fstrba</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for jackson-databind</summary> <description>This update for jackson-databind fixes the following issues: jackson-databind was updated to 2.10.5.1: * #2589: `DOMDeserializer`: setExpandEntityReferences(false) may not prevent external entity expansion in all cases (CVE-2020-25649, bsc#1177616) * #2787 (partial fix): NPE after add mixin for enum * #2679: 'ObjectMapper.readValue("123", Void.TYPE)' throws "should never occur" This update was imported from the SUSE:SLE-15-SP2:Update update 
project.</description> </patchinfo>
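Review bot: The `<description>` in `_patchinfo` only mentions CVE-2020-25649 (bsc#1177616), while the issue list also declares CVE-2021-20190 (bnc#1181118) and CVE-2020-35728 (bnc#1180391), both described in their issue titles as serialization gadget and typing problems. Add a description bullet for each of those two that references its CVE and bug number, or remove them from the issue list if 2.10.5.1 does not address them, so the published advisory text matches the issues it claims to fix.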