jackson-databind_2.9.8-3_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat Jun 22 00:20:03 BST 2019
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 22 Jun 2019 00:28:48 +0200
Source: jackson-databind
Architecture: source
Version: 2.9.8-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Closes: 930750
Changes:
jackson-databind (2.9.8-3) unstable; urgency=medium
.
* Team upload.
* Fix CVE-2019-12814 and CVE-2019-12384:
More Polymorphic Typing issues were discovered in jackson-databind. When
Default Typing is enabled (either globally or for a specific property) for
an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x or
logback-core jar in the classpath, an attacker can send a specifically
crafted JSON message that allows them to read arbitrary local files on the
server. (Closes: #930750)
Checksums-Sha1:
a74b7dbaa7c97126f29a8a594cdc82835f41d84c 2679 jackson-databind_2.9.8-3.dsc
fca576cf5ece46791d38f5a04eee6c9e6507d823 5580 jackson-databind_2.9.8-3.debian.tar.xz
6024e37037d977a4b511c4b59e7124ef098df15d 17597 jackson-databind_2.9.8-3_amd64.buildinfo
Checksums-Sha256:
3c665283c212204ccc57dd4173f3387905f05382b08ebe9c2f32fccbce058f2f 2679 jackson-databind_2.9.8-3.dsc
bf18b8579ec4eb3f4a38fbb27b719ea4598f507aa7be0ff2977dbb8feb05dac4 5580 jackson-databind_2.9.8-3.debian.tar.xz
ecec131838c3a09a2881ab4b778284494d8b67321863ba4fe3472fe374563540 17597 jackson-databind_2.9.8-3_amd64.buildinfo
Files:
46151556b971474c3cb2a4f4607d9571 2679 java optional jackson-databind_2.9.8-3.dsc
ffe08ef14a4fe96ff617ad9e97c545ae 5580 java optional jackson-databind_2.9.8-3.debian.tar.xz
a61fa98f99ed7e4565e9f46eccf61692 17597 java optional jackson-databind_2.9.8-3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl0NXeFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkkrgQAK+yREzk5E9hMh/rL3aMbpDk3ff1ffnbJyGg
YB/r86a3MkJx5WiFBLFVpql2B8lXUMy0ls190kJx4GBe7xbqzFmTNsQcvLHoVSwy
iA2SKdksOCNE0Yp0fUoxmopWGz6Dv899P27gpo7ioufO0+WHC4HI1ERB8tbT6fk+
G7XjK+jsTasrbzt75f0/t8zg0zw79dUtC9HGpQKpYWoehw9NJ4BKixJTvnNRRH1B
dd08cmyAsjTAlRTiy3OU7OzPjN/sMAUvf2Jwhi0qcWaWldDwnZia2fmNDFYf1g0/
yEx681jgbq7PdqnlCB2q9g4wtl2Wj8Fb2l04U0xGIJoH9OnoM2h4FpLaJsJ48aLO
rAdIasT8bOUcO72UI8RCQyphM8cbSqmrAeeM5QYXr4VhqWglCrmDSYD3E8+wGo6E
eKAy3jyjfSu4KoD/SSLyfrnGnQ6/BRQJnKszWx/Mnv/7A03kvvSMy2zkZe96v7Ti
OjMDZQWKtO3SAB9WZXYdfvLxte/cqyytqwarfI6CGUHygybE7sNhyshPXkVfJVX1
8G04ECYn+fmsUqW7GP0y2P4bwnd1w0rifItJ7HLq8J86mnLwe5xMz64mVUfH0QW+
lwSsRcAsuP1kRu3T/YbULDnzBAX6eTeCumYngTaJsBcANrthMMYUZ5j9whAeH9WL
XbeR7uHX
=6iy5
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-java-maintainers
mailing list