Add CVE-2020-24750

author: Salvatore Bonaccorso <carnil@debian.org> 2020-09-19 13:46:26 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-09-19 13:46:26 +0200
commit: e8d2e30af8a22d20cf2080b6a883f65d300aebb6 (patch)
tree: 1c360b6a2d5e7e23865a88c493b85f88fc699cf8
parent: 1d23189b39ab0262f5f9de80adf2ea23f0d83ca4 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 1f75abcb67..db710d0770 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -2161,7 +2161,11 @@ CVE-2020-24752
 CVE-2020-24751
 	RESERVED
 CVE-2020-24750 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
-	TODO: check
+	- jackson-databind <unfixed>
+	[buster] - jackson-databind <no-dsa> (Minor issue)
+	NOTE: https://github.com/FasterXML/jackson-databind/issues/2798
+	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+	NOTE: but still an issue when Default Typing is enabled.
 CVE-2020-24749
 	RESERVED
 CVE-2020-24748
author	Salvatore Bonaccorso <carnil@debian.org>	2020-09-19 13:46:26 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-09-19 13:46:26 +0200
commit	e8d2e30af8a22d20cf2080b6a883f65d300aebb6 (patch)
tree	1c360b6a2d5e7e23865a88c493b85f88fc699cf8
parent	1d23189b39ab0262f5f9de80adf2ea23f0d83ca4 (diff)