fix CVE-2020-36185
This commit is contained in:
wang_yue111
parent
aadb192062
commit
9cf896a790
28
CVE-2020-36185.patch
Normal file
28
CVE-2020-36185.patch
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
From 2cf1231703fa3a348ada8fa4491c96ee747bf7ed Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tatu Saloranta <tatu.saloranta@iki.fi>
|
||||||
|
Date: Mon, 18 Jan 2021 18:30:47 +0800
|
||||||
|
Subject: [PATCH] Fixed #2998
|
||||||
|
|
||||||
|
---
|
||||||
|
.../jackson/databind/jsontype/impl/SubTypeValidator.java | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
|
||||||
|
index 3e52fb7..9df94ec 100644
|
||||||
|
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
|
||||||
|
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
|
||||||
|
@@ -210,6 +210,11 @@ public class SubTypeValidator
|
||||||
|
// (derivative of #2469)
|
||||||
|
s.add("com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool");
|
||||||
|
|
||||||
|
+ // [databind#2998]: org.apache.tomcat/tomcat-dbcp (embedded dbcp 2.x)
|
||||||
|
+ // (derivative of #2478)
|
||||||
|
+ s.add("org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource");
|
||||||
|
+ s.add("org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource");
|
||||||
|
+
|
||||||
|
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
||||||
@ -1,6 +1,6 @@
|
|||||||
Name: jackson-databind
|
Name: jackson-databind
|
||||||
Version: 2.9.8
|
Version: 2.9.8
|
||||||
Release: 4
|
Release: 5
|
||||||
Summary: General data-binding package for Jackson (2.x)
|
Summary: General data-binding package for Jackson (2.x)
|
||||||
License: ASL 2.0 and LGPLv2+
|
License: ASL 2.0 and LGPLv2+
|
||||||
URL: https://github.com/FasterXML/jackson-databind/
|
URL: https://github.com/FasterXML/jackson-databind/
|
||||||
@ -40,6 +40,7 @@ Patch0031: CVE-2020-24616.patch
|
|||||||
Patch0032: CVE-2020-25649.patch
|
Patch0032: CVE-2020-25649.patch
|
||||||
Patch0033: CVE-2020-35490-CVE-2020-35491.patch
|
Patch0033: CVE-2020-35490-CVE-2020-35491.patch
|
||||||
Patch0034: CVE-2020-35728.patch
|
Patch0034: CVE-2020-35728.patch
|
||||||
|
Patch0035: CVE-2020-36185.patch
|
||||||
|
|
||||||
BuildRequires: maven-local mvn(com.fasterxml.jackson.core:jackson-annotations) >= %{version}
|
BuildRequires: maven-local mvn(com.fasterxml.jackson.core:jackson-annotations) >= %{version}
|
||||||
BuildRequires: mvn(com.fasterxml.jackson.core:jackson-core) >= %{version}
|
BuildRequires: mvn(com.fasterxml.jackson.core:jackson-core) >= %{version}
|
||||||
@ -92,6 +93,9 @@ rm src/test/java/com/fasterxml/jackson/databind/ser/jdk/JDKTypeSerializationTest
|
|||||||
%license LICENSE NOTICE
|
%license LICENSE NOTICE
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jan 18 2021 wangyue <wangyue92@huaweo.com> - 2.9.8-5
|
||||||
|
- fix CVE-2020-36185
|
||||||
|
|
||||||
* Mon Jan 11 2021 wangxiao <wangxiao65@huawei.com> - 2.9.8-4
|
* Mon Jan 11 2021 wangxiao <wangxiao65@huawei.com> - 2.9.8-4
|
||||||
- fix CVE-2020-35490 CVE-2020-35491 CVE-2020-35728
|
- fix CVE-2020-35490 CVE-2020-35491 CVE-2020-35728
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user