jackson-databind_2.9.8-3+deb10u2_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Thu Jul 9 20:17:32 BST 2020
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 09 Jul 2020 17:21:32 +0200
Source: jackson-databind
Architecture: source
Version: 2.9.8-3+deb10u2
Distribution: buster
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Changes:
jackson-databind (2.9.8-3+deb10u2) buster; urgency=medium
.
* Add multiple-CVE-BeanDeserializerFactory.patch and block more classes from
polymorphic deserialization.
This fixes 20 CVE that currently affect the package namely,
CVE-2020-9548, CVE-2020-9547, CVE-2020-9546, CVE-2020-8840, CVE-2020-14195,
CVE-2020-14062, CVE-2020-14061, CVE-2020-14060, CVE-2020-11620,
CVE-2020-11619, CVE-2020-11113, CVE-2020-11112, CVE-2020-11111,
CVE-2020-10969, CVE-2020-10968, CVE-2020-10673, CVE-2020-10672,
CVE-2019-20330, CVE-2019-17531 and CVE-2019-17267.
Checksums-Sha1:
b51dd344ef7db675de12333763aecdc778fcfd48 2711 jackson-databind_2.9.8-3+deb10u2.dsc
910afe8ef150114dcf41088886b1d5509aebfa5c 7568 jackson-databind_2.9.8-3+deb10u2.debian.tar.xz
63db361fac9e1d14824a7a9d776789c87219ed67 16881 jackson-databind_2.9.8-3+deb10u2_amd64.buildinfo
Checksums-Sha256:
beefdcbe55f18d03a823f15ba5f604327b760174f7179454180dbb4e31ba7133 2711 jackson-databind_2.9.8-3+deb10u2.dsc
f70968ed48cbba9f9adfc5d3f963c8378b95597b496733462aee9735fc4b70ab 7568 jackson-databind_2.9.8-3+deb10u2.debian.tar.xz
7fbbf7699811da7b7fd1bc8011ba40e6c30f41e2770e6b73329c23486c173195 16881 jackson-databind_2.9.8-3+deb10u2_amd64.buildinfo
Files:
47ea01ce64b92fe9e6c2797a42b0ac34 2711 java optional jackson-databind_2.9.8-3+deb10u2.dsc
d2d69550f4a1dcc3079431dd5febb8e6 7568 java optional jackson-databind_2.9.8-3+deb10u2.debian.tar.xz
1cad2ba9cdde3ae49f7b8bfb1c82b1ef 16881 java optional jackson-databind_2.9.8-3+deb10u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl8HOOtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkUBwP/1+Nc5bbE6jx9HlL9OVj+1edIUo1KYEEeEHs
/5QSK+Ysh6Wl0ZlfRSy6hF1ZkremooBzPsq1lwUtp9MJ/Z33TwIUt94hTL3318Eg
4YiCy2sQb+xsGwCa5u0LLDgFCoDWzJviZedm48CgBuSGApSuhn/xOeDs2N69VFM6
yotC7lC1Uv+/gosYQD3Alt93QEkl3W+euwvwUw35WdSgjGd4it8oCmp7k9F9+6ra
XGNTlqnMam1nqvKVpXkeJpZhDwP9MgRU7Nb0W9eB5XywqKfOqsgwM/ts6IF5imkj
WZtHccQaOch63MJSP3IXQTLe5fRS73p22OZJLSGHFzWbpP66ezPooJGgnoREwYVy
udly5CGXtKRCfdFYAYWQyq4BY2cod3ulnrviKo0b9m3oYl0MgcwGs3lGtfDs6emZ
LiGU/bWomEJkKjCHLZI5AnJu19R+mPCMkerLQ50lxcvWcZx0AVlcs4Xbv6xW6wdJ
C7s+yyPz3Vsee4sgoUb2eNtV65yGQgJQyWhNxT2TWRdLZiVJA5kMIGE3HhFm3fnr
yAaOrPouozrOP3LrkGT2SfBqnVJ+CjiutWUfxFj34aWF3llt257XNuNKQFa9WVvN
caln10h2WjDQVV+vT3SScaudycF7KYep6HpMkpukKFEGJPEXxpmAvF5PxpvPCkPw
RPQpxnQZ
=9Zem
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-java-maintainers
mailing list