From 4902d30cfe83d280f7d6a823501523387ab923f5 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Oct 05 2020 14:49:46 +0000
Subject: import rh-maven35-jackson-databind-2.7.6-2.11.el7
---
diff --git a/SOURCES/CVE-2020-24750.patch b/SOURCES/CVE-2020-24750.patch
new file mode 100644
index 0000000..6410443
--- /dev/null
+++ b/SOURCES/CVE-2020-24750.patch
@@ -0,0 +1,27 @@
+From 92b8edd6c417c3821da2ecf267ed0f2295533076 Mon Sep 17 00:00:00 2001
+From: Marian Koncek
+Date: Fri, 25 Sep 2020 13:20:31 +0200
+Subject: [PATCH] CVE-2020-24750
+
+---
+ .../jackson/databind/jsontype/impl/SubTypeValidator.java | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+index 709a947..f44b2d3 100644
+--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
++++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+@@ -114,6 +114,10 @@ public class SubTypeValidator
+ // [databind#2682]: commons-jelly
+ s.add("org.apache.commons.jelly.impl.Embedded");
+
++ // CVE-2020-24750
++ // [databind#2798]: com.pastdev.httpcomponents:
++ s.add("com.pastdev.httpcomponents.configuration.JndiConfiguration");
++
+ DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
+ }
+
+--
+2.26.2
+
diff --git a/SPECS/jackson-databind.spec b/SPECS/jackson-databind.spec
index 36c6d6f..7361992 100644
--- a/SPECS/jackson-databind.spec
+++ b/SPECS/jackson-databind.spec
@@ -3,7 +3,7 @@
Name: %{?scl_prefix}jackson-databind
Version: 2.7.6
-Release: 2.10%{?dist}
+Release: 2.11%{?dist}
Summary: General data-binding package for Jackson (2.x)
License: ASL 2.0 and LGPLv2+
URL: http://wiki.fasterxml.com/JacksonHome
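Review bot: The comment on the new entry, `// [databind#2798]: com.pastdev.httpcomponents:`, trails off after the colon while its sibling `// [databind#2682]: commons-jelly` names what is blocked; it should say the same for this entry, e.g. `// [databind#2798]: com.pastdev.httpcomponents JndiConfiguration`. Like every other string added to the set that becomes DEFAULT_NO_DESER_CLASS_NAMES, the entry matches one fully qualified class name exactly, so it protects against this class alone; that is the list's established design, but it is the reason each backport of a new gadget name needs to land promptly and in full. The diffstat reports one file and four insertions, so no test asserting that this name is rejected travels with the backport; the spec in the same commit deletes some test sources (see the `rm src/test/...` hunk context), so whether upstream's illegal-type tests run in this build cannot be told from this page. The static initializer that populates the set begins outside the hunk.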
@@ -28,6 +28,7 @@ Patch16: CVE-2019-17531.patch
Patch17: CVE-2020_10969-11113-10968-11111-11112.patch
Patch18: CVE-2020-11619.patch
Patch19: CVE-2020-11620.patch
+Patch20: CVE-2020-24750.patch
BuildRequires: %{?scl_prefix}maven-local
BuildRequires: %{?scl_prefix}mvn(com.fasterxml.jackson:jackson-parent:pom:)
@@ -72,6 +73,7 @@ This package contains javadoc for %{pkg_name}.
%patch17 -p1
%patch18 -p1
%patch19 -p1
+%patch20 -p1
cp -p src/main/resources/META-INF/LICENSE .
cp -p src/main/resources/META-INF/NOTICE .
@@ -110,6 +112,10 @@ rm src/test/java/com/fasterxml/jackson/databind/ser/TestJdkTypes.java \
%license LICENSE NOTICE
%changelog
+* Fri Sep 25 2020 Marian Koncek - 2.7.6-2.11
+- Fix security vulnerabilities
+- Resolves: CVE-2020-24750
+
* Mon May 18 2020 Joe Orton - 2.7.6-2.10
- Resolves: CVE-2020-11619, CVE-2020-11620