[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2342-1] libjackson-json-java security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2342-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                                     
August 24, 2020                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libjackson-json-java
Version        : 1.9.2-8+deb9u1
CVE ID         : CVE-2017-7525 CVE-2019-10172

Several vulnerabilities were fixed in libjackson-json-java,
a Java JSON processor.

CVE-2017-7525

    Jackson Deserializer security vulnerability.

CVE-2017-15095

    Block more JDK types from polymorphic deserialization.

CVE-2019-10172

    XML external entity vulnerabilities.

For Debian 9 stretch, these problems have been fixed in version
1.9.2-8+deb9u1.

We recommend that you upgrade your libjackson-json-java packages.

For the detailed security status of libjackson-json-java please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libjackson-json-java

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl9Dh7QACgkQiNJCh6LY
mLEYvQ/9EZ5MYjNVVx71AqM8ft1utdXR/Mxd4pVN8Uo3+sqU1RWcdtmFE8cCtrVe
luA63rXDV5OwpouZGCNi5phMtfvjUr00cIfYCuAQ/DiQjXhZCLjxnIafpIQZDbqk
HkBG2LTDQeaCs3mwvYiDzpFJTsfyZ4hlKfyCfwnMqDAksbSRTgnC9x/yxBTnXTzU
LgpZeKdJQmtUjFyzyazpd0/attSiBxM6/jhZJIj5Qjq89aTANg+/c7Jno+8je32/
mPSxNFBS5Ab1qgFF7fXrqp6ZVSAqCRC3nLpnQz43AmAe2c6Kx8osjU5LA+1+VzZJ
9u6t/4dpMONVtKI1XFEdvORVwdyLO0EuPVAQWmVZIAWfDvruXw6gA+HHXIzoxykJ
nLnmqE5T1rdFVNlW/B/v4m7iTHBuMl58n8e/DR6iXqu/DQNxcKAk3EIKiCcF3iZ+
HOfNzkPFK+7f//TSWxn1D5klnGlZcZFufcGbzKWXTJptzYiYdKNaFsRvxWRsKXcX
o8b+6pNpJ6z38KdH06qICCj6hupqiUlrMed53vtxSWOq17D81fxYaX2f3Fy9bSl7
eqc1Ha6h4lQUgZB7hW4FGyAEkE7h437B85Y7Me5q09RNWzZLPx6FAmTwNUmnStRn
W039r0rrprfruTMZtq78hfyff5sJaJ5FL5omdGt2D0FPD/WD6Qo=
=Jgzx
-----END PGP SIGNATURE-----


Reply to: