[SECURITY] [DLA 2111-1] jackson-databind security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : jackson-databind
Version : 2.4.2-2+deb8u11
CVE ID : CVE-2019-20330 CVE-2020-8840
It was found that jackson-databind, a Java library used to parse JSON and
other data formats, could deserialize data without proper validation,
allowing a maliciously client to perform remote code execution on a
service with the required characteristics.
For Debian 8 "Jessie", these problems have been fixed in version
2.4.2-2+deb8u11.
We recommend that you upgrade your jackson-databind packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl5Oqe0ACgkQnUbEiOQ2
gwLYqw//e1XLJ1OluHoMmrM/STWiS2xV3LU9LMLX4smVl0hyhOHp5ASVEFVUt7jy
Djfm8x1HWpzsOJc1CZWhdp8Fo8Ya3M30WQy9C2xxe13/EQivATSw1az7vSG6Rav4
vNE71hGGe8Gcj36ZDIsA7uBBuAn3UnU0oObAKuYv41hzhOlKTmWPqIdjee3juOpL
CLiXuqSTAgG6G/FnwU4rGMWZf6SXWsl+UxHmpP0QqJQqqacYDgQ1yj1UAEOY4+6b
gEhvrqkY6bmRc0wmDnGc/LaUQQy7Ag3WRaee5Q7hwjEQuzfwWVazE2YUvoNurUd9
+FfXRFaClJ0W6cUVcjH8/HzamboFu481t76y6yTlB35ghmCqsnTozDiHZ5HuIFJr
HzODt0CP2sNyHRCcuTvMfXcZzOGTzUipX/zriRMar3KuAYnLqBwilpBtnsOAwC+Q
VQLXqsO/5sNioCQhhvnmY144fit7JXF+VD6UWCySenQfoLJZqVqlL/N5IDJfpVDI
I6BTdK2jJBb4bpiYru3WweShxisB8/Rsq9DexIE6d9BCK2sU1NJmls+hRKTsOR4H
a+mDZlcyFwVMaylCm15Izejgg7svY06f+GFLpWhlcOzVvpdYfXChB1g6l8DYINEa
OLK/IZU6b07/q6nRWBvd68btR4+hkMYa5HAwwsQ3q/fKqj6ZBpA=
=EuIx
-----END PGP SIGNATURE-----
Reply to: