[jackson-databind] 02/04: Update changelog and patch header.
Markus Koschany
apo at moszumanska.debian.org
Fri Oct 20 13:05:25 UTC 2017
This is an automated email from the git hooks/post-receive script.
apo pushed a commit to branch stretch
in repository jackson-databind.
commit 8917cc87cfe172bad9b32aa8e299bb35100b99f0
Author: Markus Koschany <apo at debian.org>
Date: Wed Oct 18 18:30:58 2017 +0200
Update changelog and patch header.
---
debian/changelog | 8 ++++++++
debian/patches/CVE-2017-7525.patch | 3 +++
2 files changed, 11 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index f9eea3c..43a87f7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+jackson-databind (2.8.6-1+deb9u1) stretch-security; urgency=medium
+
+ * Team upload.
+ * Fix CVE-2017-7525: Deserialization vulnerability via readValue
+ method of ObjectMapper. (Closes: #870848)
+
+ -- Markus Koschany <apo at debian.org> Wed, 18 Oct 2017 18:30:07 +0200
+
jackson-databind (2.8.6-1) unstable; urgency=medium
* Team upload.
diff --git a/debian/patches/CVE-2017-7525.patch b/debian/patches/CVE-2017-7525.patch
index d03a725..b4509d6 100644
--- a/debian/patches/CVE-2017-7525.patch
+++ b/debian/patches/CVE-2017-7525.patch
@@ -2,6 +2,9 @@ From: Markus Koschany <apo at debian.org>
Date: Wed, 18 Oct 2017 18:27:16 +0200
Subject: CVE-2017-7525
+Bug-Upstream: https://github.com/FasterXML/jackson-databind/issues/1599
+Bug-Debian: https://bugs.debian.org/870848
+Origin: https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1
---
.../databind/deser/BeanDeserializerFactory.java | 23 +++++++++++++
.../databind/interop/IllegalTypesCheckTest.java | 40 ++++++++++++++++++++++
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/jackson-databind.git
More information about the pkg-java-commits
mailing list