rpms / rh-maven35-jackson-databind

Clone
Source Code
GIT

Blame SOURCES/CVE-2019-12384.patch

c7
  1.   6a8cc2a428154e9870ab9b8af584ee6ec3ea9cff
  2.   SOURCES
  3.   CVE-2019-12384.patch
Blob History Raw
f4ade6 
From c9ef4a10d6f6633cf470d6a469514b68fa2be234 Mon Sep 17 00:00:00 2001
f4ade6 
From: Tatu Saloranta <tatu.saloranta@iki.fi>
f4ade6 
Date: Wed, 12 Jun 2019 22:20:12 -0700
f4ade6 
Subject: [PATCH] Fix #2334
f4ade6
f4ade6 
diff -uap jackson-databind-jackson-databind-2.7.6/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java.orig jackson-databind-jackson-databind-2.7.6/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
f4ade6 
--- jackson-databind-jackson-databind-2.7.6/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java.orig	2019-07-10 09:33:56.504230811 +0100
f4ade6 
+++ jackson-databind-jackson-databind-2.7.6/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java	2019-07-10 09:37:41.094929667 +0100
f4ade6 
@@ -72,6 +72,10 @@ public class SubTypeValidator
f4ade6 
         s.add("org.apache.openjpa.ee.JNDIManagedRuntime");
f4ade6 
         // CVE-2018-19362
f4ade6 
         s.add("org.jboss.util.propertyeditor.DocumentEditor");
f4ade6 
+
f4ade6 
+        // [databind#2334] (2.9.9.1): logback-core
f4ade6 
+        s.add("ch.qos.logback.core.db.DriverManagerConnectionSource");
f4ade6 
+
f4ade6 
         DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
f4ade6 
     }
f4ade6

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation