!14 fix CVE-2020-36185
From: @wang_yue111 Reviewed-by: @zhanghua1831,@wangchong1995924 Signed-off-by: @wangchong1995924
This commit is contained in:
openeuler-ci-bot
Gitee
commit
61ab470eb7
28
CVE-2020-36185.patch
Normal file
28
CVE-2020-36185.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From 2cf1231703fa3a348ada8fa4491c96ee747bf7ed Mon Sep 17 00:00:00 2001
|
||||
From: Tatu Saloranta <tatu.saloranta@iki.fi>
|
||||
Date: Mon, 18 Jan 2021 18:30:47 +0800
|
||||
Subject: [PATCH] Fixed #2998
|
||||
|
||||
---
|
||||
.../jackson/databind/jsontype/impl/SubTypeValidator.java | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
|
||||
index 3e52fb7..9df94ec 100644
|
||||
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
|
||||
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
|
||||
@@ -210,6 +210,11 @@ public class SubTypeValidator
|
||||
// (derivative of #2469)
|
||||
s.add("com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool");
|
||||
|
||||
+ // [databind#2998]: org.apache.tomcat/tomcat-dbcp (embedded dbcp 2.x)
|
||||
+ // (derivative of #2478)
|
||||
+ s.add("org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource");
|
||||
+ s.add("org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource");
|
||||
+
|
||||
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
|
||||
}
|
||||
|
||||
--
|
||||
2.23.0
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: jackson-databind
|
||||
Version: 2.9.8
|
||||
Release: 4
|
||||
Release: 5
|
||||
Summary: General data-binding package for Jackson (2.x)
|
||||
License: ASL 2.0 and LGPLv2+
|
||||
URL: https://github.com/FasterXML/jackson-databind/
|
||||
@ -40,6 +40,7 @@ Patch0031: CVE-2020-24616.patch
|
||||
Patch0032: CVE-2020-25649.patch
|
||||
Patch0033: CVE-2020-35490-CVE-2020-35491.patch
|
||||
Patch0034: CVE-2020-35728.patch
|
||||
Patch0035: CVE-2020-36185.patch
|
||||
|
||||
BuildRequires: maven-local mvn(com.fasterxml.jackson.core:jackson-annotations) >= %{version}
|
||||
BuildRequires: mvn(com.fasterxml.jackson.core:jackson-core) >= %{version}
|
||||
@ -92,6 +93,9 @@ rm src/test/java/com/fasterxml/jackson/databind/ser/jdk/JDKTypeSerializationTest
|
||||
%license LICENSE NOTICE
|
||||
|
||||
%changelog
|
||||
* Mon Jan 18 2021 wangyue <wangyue92@huaweo.com> - 2.9.8-5
|
||||
- fix CVE-2020-36185
|
||||
|
||||
* Mon Jan 11 2021 wangxiao <wangxiao65@huawei.com> - 2.9.8-4
|
||||
- fix CVE-2020-35490 CVE-2020-35491 CVE-2020-35728
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user