Blame SOURCES/CVE-2020_10969-11113-10968-11111-11112.patch

bf6241
From bf46ec885b33473077c15e4b46d0ae29c66c1c47 Mon Sep 17 00:00:00 2001
bf6241
From: Marian Koncek <mkoncek@redhat.com>
bf6241
Date: Tue, 14 Apr 2020 15:17:34 +0200
bf6241
Subject: [PATCH] CVE-2020-10969, CVE-2020-11113, CVE-2020-10968,
bf6241
 CVE-2020-11111, CVE-2020-11112
bf6241
bf6241
---
bf6241
 .../jsontype/impl/SubTypeValidator.java       | 21 +++++++++++++++++++
bf6241
 1 file changed, 21 insertions(+)
bf6241
bf6241
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
bf6241
index 907adcd..789be7b 100644
bf6241
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
bf6241
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
bf6241
@@ -86,6 +86,27 @@ public class SubTypeValidator
bf6241
         s.add("org.apache.log4j.receivers.db.DriverManagerConnectionSource");
bf6241
         s.add("org.apache.log4j.receivers.db.JNDIConnectionSource");
bf6241
 
bf6241
+        // CVE-2020-10969
bf6241
+        // [databind#2642]: javax.swing (jdk)
bf6241
+        s.add("javax.swing.JEditorPane");
bf6241
+
bf6241
+        // CVE-2020-11113
bf6241
+        // [databind#2670]
bf6241
+        s.add("org.apache.openjpa.ee.WASRegistryManagedRuntime");
bf6241
+
bf6241
+        // CVE-2020-10968
bf6241
+        // [databind#2662]: aoju/bus-proxy
bf6241
+        s.add("org.aoju.bus.proxy.provider.RmiProvider");
bf6241
+        s.add("org.aoju.bus.proxy.provider.remoting.RmiProvider");
bf6241
+
bf6241
+        // CVE-2020-11111
bf6241
+        // [databind#2664]: activemq-jms
bf6241
+        s.add("org.apache.activemq.jms.pool.XaPooledConnectionFactory");
bf6241
+
bf6241
+        // CVE-2020-11112
bf6241
+        // [databind#2666]: apache/commons-jms
bf6241
+        s.add("org.apache.commons.proxy.provider.remoting.RmiProvider");
bf6241
+
bf6241
         DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
bf6241
     }
bf6241
 
bf6241
-- 
bf6241
2.25.2
bf6241