rpms / rh-maven35-jackson-databind

Clone
Source Code
GIT

Blame SOURCES/CVE-2018-19361.patch

c7
  1.   198d590f500c4d507c65f9f528489d4ea386f9c6
  2.   SOURCES
  3.   CVE-2018-19361.patch
Blob History Raw
198d59 
From 568e26502f2b20b5d60d832b6098c7efe6a37d50 Mon Sep 17 00:00:00 2001
198d59 
From: Mikolaj Izdebski <mizdebsk@redhat.com>
198d59 
Date: Tue, 2 Apr 2019 13:59:58 +0200
198d59 
Subject: [PATCH 13/14] CVE-2018-19361
198d59
198d59 
---
198d59 
 .../jackson/databind/jsontype/impl/SubTypeValidator.java       | 3 +++
198d59 
 1 file changed, 3 insertions(+)
198d59
198d59 
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
198d59 
index 686ed1d42..8b3319b54 100644
198d59 
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
198d59 
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
198d59 
@@ -67,6 +67,9 @@ public class SubTypeValidator
198d59 
         s.add("org.apache.axis2.jaxws.spi.handler.HandlerResolverImpl");
198d59 
         // CVE-2018-19360
198d59 
         s.add("org.apache.axis2.transport.jms.JMSOutTransportInfo");
198d59 
+        // CVE-2018-19361
198d59 
+        s.add("org.apache.openjpa.ee.RegistryManagedRuntime");
198d59 
+        s.add("org.apache.openjpa.ee.JNDIManagedRuntime");
198d59 
         DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
198d59 
     }
198d59
198d59 
--
198d59 
2.20.1
198d59

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation