Bug#941530: jackson-databind: CVE-2019-16942 CVE-2019-16943

[Sébastien Delafond]

On 02/10 09:43, Salvatore Bonaccorso wrote:
> Whilst I'm not yet sure if we should really release a futher DSA for
> jackson-databind (we will come back to you on that), a possible idea
> for bullseye (might be better cloned/filled as new bug, but want to
> mention it here already):

Let's do a DSA for this one. For future issues, we can choose to decide
on DSA vs. point release on a case-by-case basis, depending on severity.

Cheers,

-- 
Seb