SUSE-SU-2021:0243-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20210243-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:0243-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:0243-1
Related
Published
2021-01-29T08:37:34Z
Modified
2021-01-29T08:37:34Z
Summary
Security update for jackson-databind
Details

This update for jackson-databind fixes the following issues:

jackson-databind was updated to 2.10.5.1: * #2589: DOMDeserializer: setExpandEntityReferences(false) may not prevent external entity expansion in all cases (CVE-2020-25649, bsc#1177616) * #2787 (partial fix): NPE after add mixin for enum * #2679: 'ObjectMapper.readValue('123', Void.TYPE)' throws 'should never occur'

References

Affected packages

SUSE:Linux Enterprise Module for Development Tools 15 SP2 / jackson-databind

Package

Name
jackson-databind
Purl
purl:rpm/suse/jackson-databind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.10.5.1-3.3.2

Ecosystem specific

{
    "binaries": [
        {
            "jackson-databind": "2.10.5.1-3.3.2"
        }
    ]
}