[Bug 1165422] VUL-1: CVE-2020-9548: jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).

http://bugzilla.opensuse.org/show_bug.cgi?id=1165422 http://bugzilla.opensuse.org/show_bug.cgi?id=1165422#c1 Wolfgang Frisch changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #1 from Wolfgang Frisch --- This issue does not affect version 2.10.0 and later. [1] Tumbleweed and Leap 15.2 ship jackson-databind version 2.10.2. [1] https://github.com/FasterXML/jackson-databind/issues/2634 -- You are receiving this mail because: You are on the CC list for the bug.