Blame SOURCES/CVE-2018-12022.patch

198d59
From d4689ae4bae7e451b9a6e8720aa0e4f58ca2e2bc Mon Sep 17 00:00:00 2001
198d59
From: Mikolaj Izdebski <mizdebsk@redhat.com>
198d59
Date: Tue, 2 Apr 2019 13:57:10 +0200
198d59
Subject: [PATCH 06/14] CVE-2018-12022
198d59
198d59
---
198d59
 .../jackson/databind/jsontype/impl/SubTypeValidator.java        | 2 ++
198d59
 1 file changed, 2 insertions(+)
198d59
198d59
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
198d59
index c8457b29e..e325f2736 100644
198d59
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
198d59
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
198d59
@@ -52,6 +52,8 @@ public class SubTypeValidator
198d59
         s.add("com.sun.org.apache.bcel.internal.util.ClassLoader");
198d59
         // CVE-2018-11307
198d59
         s.add("org.apache.ibatis.parsing.XPathParser");
198d59
+        // CVE-2018-12022
198d59
+        s.add("jodd.db.connection.DataSourceConnectionProvider");
198d59
         DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
198d59
     }
198d59
 
198d59
-- 
198d59
2.20.1
198d59