jackson-databind_2.8.6-1+deb9u6_amd64.changes ACCEPTED into oldstable-proposed-updates->oldstable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sun Oct 6 09:40:38 BST 2019
Mapping oldstable-security to oldstable-proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 05 Oct 2019 19:21:48 +0200
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source all
Version: 2.8.6-1+deb9u6
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Description:
libjackson2-databind-java - fast and powerful JSON library for Java -- data binding
libjackson2-databind-java-doc - Documentation for jackson-databind
Changes:
jackson-databind (2.8.6-1+deb9u6) stretch-security; urgency=high
.
* Fix CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
CVE-2019-14540, CVE-2019-16335, CVE-2019-16942 and CVE-2019-16943.
Several deserialization flaws were discovered in jackson-databind which
could allow an unauthenticated user to perform code execution. The issue
was resolved by extending the blacklist and blocking more classes from
polymorphic deserialization.
Checksums-Sha1:
f37de219a067f94de5970c6e658df0ae3416bc89 2201 jackson-databind_2.8.6-1+deb9u6.dsc
93a347c8e62a4387c4c939af020a2549d1badb18 10404 jackson-databind_2.8.6-1+deb9u6.debian.tar.xz
6b9386b68e4833cf4a18cd52a13e241bc2fb349b 16547 jackson-databind_2.8.6-1+deb9u6_amd64.buildinfo
e50584913c1ae00ff6bb385a4d25b53359285b3d 1229348 libjackson2-databind-java-doc_2.8.6-1+deb9u6_all.deb
48f932a95b22d324a4265e17119029f7803dd0e0 1155810 libjackson2-databind-java_2.8.6-1+deb9u6_all.deb
Checksums-Sha256:
164fa58d434c857f24d4677d2949f919732ea5c79a1a0cf46a187ee355bdd435 2201 jackson-databind_2.8.6-1+deb9u6.dsc
211a4bb8f8a6fb4c777c1d7ddac55c85ea16127a2aa5e43c836fee333c73c2da 10404 jackson-databind_2.8.6-1+deb9u6.debian.tar.xz
7bc6d709f9cb8881fbb7c401eeb82727b7f647fabc7682dd4e4e94acec6e54db 16547 jackson-databind_2.8.6-1+deb9u6_amd64.buildinfo
86faa5881803c985ac981d1f34039c196474eb936be1c8e63cf7d50d3e825a4c 1229348 libjackson2-databind-java-doc_2.8.6-1+deb9u6_all.deb
28e0e47a0692ceb70c1d06c5f387ae0ab635767a2bd5aa16f2c9c72eb68f136b 1155810 libjackson2-databind-java_2.8.6-1+deb9u6_all.deb
Files:
61406f397c599c430b7a828223816d0d 2201 java optional jackson-databind_2.8.6-1+deb9u6.dsc
244cf4ade6836b518a5fd30ed28d438d 10404 java optional jackson-databind_2.8.6-1+deb9u6.debian.tar.xz
e5a293be127783f81cde372ef5d520f0 16547 java optional jackson-databind_2.8.6-1+deb9u6_amd64.buildinfo
ddf1fabd390386c7a7a7edcf7870581f 1229348 doc optional libjackson2-databind-java-doc_2.8.6-1+deb9u6_all.deb
f50a04954e3c7b87e2918c14ca01a511 1155810 java optional libjackson2-databind-java_2.8.6-1+deb9u6_all.deb
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl2ZkiUACgkQEL6Jg/PV
nWQuuwf/YnncH0EgMDIfNfhQjncVQJDUSrlv/rkmqNgg9v5tSdyp6zhlTj49ldRl
5PyMnuoZMCt1vfngyf5vHr0hdUfn9alR2KWx7m9VqeR6sAE339JlQPp96iR3syQW
Yn3MCIA6jf6inkznYoQeMgYnWUDnqH1MpvNW7WOclxEKx247GiUWVN+n1mc6Z+xD
HjH2jBqlZ6P/jGzbptL4DiWOSpbM6XY5cG4h9Olg7kp0SSZb6HnEfG+gObg25vhG
ZLdyLuN+NEu0/m0mVQNMMcOn6w1ShX9Zv1hNSXObx9BO/ybNgYtP0S2KtfXK1mQZ
Z+yROwxtMfAKqnJ2a2lnfcbW28pqqQ==
=NGsX
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-java-maintainers
mailing list