[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted jackson-databind 2.4.2-2+deb8u5 (source all) into oldstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 04 Mar 2019 10:30:09 +0100
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source all
Version: 2.4.2-2+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data binding
 libjackson2-databind-java-doc - Documentation for jackson-databind
Changes:
 jackson-databind (2.4.2-2+deb8u5) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
     CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
     CVE-2018-19361 and CVE-2018-19362.
     Several deserialization flaws were discovered in jackson-databind which
     could allow an unauthenticated user to perform code execution. The issue
     was resolved by extending the blacklist and blocking more classes from
     polymorphic deserialization.
Checksums-Sha1:
 0acda95edd6e755b3ecfc55d234adfeae5b97a2b 2691 jackson-databind_2.4.2-2+deb8u5.dsc
 f87ceb854ad19508eb4b9d97a369cd7023b51221 10316 jackson-databind_2.4.2-2+deb8u5.debian.tar.xz
 7e90a56108dbb4333832d58e0b7b0f20d4e961f4 986992 libjackson2-databind-java_2.4.2-2+deb8u5_all.deb
 9c47545c07e3f45f3a0bc899b8b0d7532460a7d8 4748130 libjackson2-databind-java-doc_2.4.2-2+deb8u5_all.deb
Checksums-Sha256:
 8238342f554d307d52bf50a2e39d4d777855ed7d1f5b2758dc83d68c9cfe72f3 2691 jackson-databind_2.4.2-2+deb8u5.dsc
 8d2f7dd7f5facfea25cc4b2a80fdbdb1a413b2bbf8c7000e167a034e0a0a12fc 10316 jackson-databind_2.4.2-2+deb8u5.debian.tar.xz
 09a3d7a7cb9848d60cbc7a08f330921ff5d1dcc99f26333b3db84b6b537cb2b5 986992 libjackson2-databind-java_2.4.2-2+deb8u5_all.deb
 8bf0ecf5437626db9c0ec4307d969e063195f4f009f08d58631b7bb0d37a4226 4748130 libjackson2-databind-java-doc_2.4.2-2+deb8u5_all.deb
Files:
 f786b0bc50a0c3c86b553658d8365ab3 2691 java optional jackson-databind_2.4.2-2+deb8u5.dsc
 7d213399d23387f21b70569e0a78a405 10316 java optional jackson-databind_2.4.2-2+deb8u5.debian.tar.xz
 d6e5cd84ac5e09b7de2f3e60c965667c 986992 java optional libjackson2-databind-java_2.4.2-2+deb8u5_all.deb
 49aa611b4073fd93c48059028338f1ba 4748130 doc optional libjackson2-databind-java-doc_2.4.2-2+deb8u5_all.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlx9Bc1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkz0gQAIKLwh29sBqkkuDgDoCiPhy5YgkD4zjm4BDZ
tvDSCWBuTQCzBE5IEECeb5VdOsfMPpnOhrZdqI/oHtvALirXhAzm257y6gAtCgCI
K4ceILf1acFXR+jpqIMnY0jdj96mHTzCGbTgLF6wRcDz+OP1HF+swJpZS2ihk058
DD2tJ9FZxcvqY9ovP9D5vKKOeyZqtaeSqwLJ/vPPrLP8y/0oWSbEAzhmBNE+pKdo
ebJwtlMpLoHnNuRhw7rL/104IaLf0dAZulljbcmJT7QqqXLi8BUXG36JS5v22kHm
gpJYRceM6QtiNkoC4BxRrHxuFt2cm77Tpx12H1vjntGBR7L2btREQe/Ll9y2FPda
gg3xYzZ6fKdi1QHHo7eONDcL4xq/qi+CF5FsMm8uhkrSqk9fjI6EJt9+hftdgtRS
fWzmeUVS84yBOdHQTUwmH6Fp89jOJyJC5GwkvcAQznTl/Z0HhWoIh3/3GVVLLjRo
s6VKwQ0Jw0SDJ80J5ThOYuVTdJmfDO3pXyXLKmlMSBly0GlBAJhl/9Xf4YLd7Xe1
a6/Bxnxo+9V0CCQU+OUI6Hq5UqClqEgYFRC8SykGMWy+eblHUYfH9gYlg1Qv7L7i
RnE5HL11osgAGCTOIqmG0yoE30qRff8Nuda4oPG6SyBbxIRIfdW0gV14vL+SdD1o
Xv/nCz5U
=Zx9c
-----END PGP SIGNATURE-----
Reply to: