Oval Definition:oval:org.opensuse.security:def:111200
Revision Date:2021-02-01Version:1
Title:Security update for jackson-databind (Moderate)
Description:

This update for jackson-databind fixes the following issues:

jackson-databind was updated to 2.10.5.1: * #2589: `DOMDeserializer`: setExpandEntityReferences(false) may not prevent external entity expansion in all cases (CVE-2020-25649, bsc#1177616) * #2787 (partial fix): NPE after add mixin for enum * #2679: 'ObjectMapper.readValue('123', Void.TYPE)' throws 'should never occur'

This update was imported from the SUSE:SLE-15-SP2:Update update project.
Family:unixClass:patch
Status:Reference(s):1177616
1180391
1181118
CVE-2020-25649
CVE-2020-35728
CVE-2021-20190
Platform(s):openSUSE Leap 15.2
Product(s):
Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • jackson-databind-2.10.5.1-lp152.2.3.1 is installed
  • OR jackson-databind-javadoc-2.10.5.1-lp152.2.3.1 is installed
    • BACK