[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted jackson-databind 2.4.2-2+deb8u9 (source all) into oldoldstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 02 Oct 2019 21:36:21 +0200
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source all
Version: 2.4.2-2+deb8u9
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data binding
 libjackson2-databind-java-doc - Documentation for jackson-databind
Changes:
 jackson-databind (2.4.2-2+deb8u9) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-14540, CVE-2019-16335, CVE-2019-16942 and CVE-2019-16943.
     Deserialization flaws were discovered in jackson-databind relating to
     com.zaxxer.hikari.HikariConfig, com.zaxxer.hikari.HikariDataSource,
     commons-dbcp and com.p6spy.engine.spy.P6DataSource, which could allow an
     unauthenticated user to perform remote code execution. The issue was
     resolved by extending the blacklist and blocking more classes from
     polymorphic deserialization.
Checksums-Sha1:
 a006955a518980e131a1d9a5d8063e833df23e10 2691 jackson-databind_2.4.2-2+deb8u9.dsc
 7fceb674852fbd91daec6f878e409eeb8f617474 12036 jackson-databind_2.4.2-2+deb8u9.debian.tar.xz
 84974bde19f0edfecd5b5351b20e71c32b784b6b 987756 libjackson2-databind-java_2.4.2-2+deb8u9_all.deb
 fa0f054ee5e220c95d232d3e2e435312bc4c6ab0 4743850 libjackson2-databind-java-doc_2.4.2-2+deb8u9_all.deb
Checksums-Sha256:
 f7a05cc38f9ee4d9778e8c7aa4d7cbeb1824387849bea588f1f62625110170fe 2691 jackson-databind_2.4.2-2+deb8u9.dsc
 f5b9374cf02b2c19411275cbad2f669271e1eeed10eea868df133554e92c07e1 12036 jackson-databind_2.4.2-2+deb8u9.debian.tar.xz
 43af9463c6b0bcf20d2944bf088a3b9b609c0f2f80d82d6a140e66100914289d 987756 libjackson2-databind-java_2.4.2-2+deb8u9_all.deb
 64311ce46e1e5e9e068a5e685d68f55863b475bd83d141a6d9cfb1c698d592cd 4743850 libjackson2-databind-java-doc_2.4.2-2+deb8u9_all.deb
Files:
 4ffc12233765570d3d2ca979fd86bd1f 2691 java optional jackson-databind_2.4.2-2+deb8u9.dsc
 92fddfbe7726055ec0a2c0ce66943762 12036 java optional jackson-databind_2.4.2-2+deb8u9.debian.tar.xz
 e0c42e490609be5e452effc14e29098b 987756 java optional libjackson2-databind-java_2.4.2-2+deb8u9_all.deb
 753cc52f350a7f18edcf258987e1a12e 4743850 doc optional libjackson2-databind-java-doc_2.4.2-2+deb8u9_all.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl2VEehfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HktgoP/2NT5QL8X1H3d++fbLuVT8mNSKzh5p8Ygynf
jIW3DFt/YGnw0h7XI8mGy23zX+ZSolUIBR2bVy0/Ybj8+8FY/0QW9txfldF5/ZeL
JdyLkNYB+m1AX3VBWJP/0vvMztis+J99couYjcDJ5hRFgW2Q7j6oGqy1GiLNlBZK
4eKq2ju0Jz3ZQO4byMdHx0+qP6NjSxvQlmizOmycE0EnUb3W2FenFR6FyWwmvZlX
ulwqFx4amUQJRqjlCLZrLACiVcKaXpFfcRrCj2+Og335R4m6JgSdFR65uvlKfMzg
qKeA65VNtBUyZ9WvXgqCpGW1McsFFICkRaE/QLFXewJmRi7WZDfE9l4ELGMlLPq+
hxw4r/KcV7jocQLFE/+EWSC3VbmJjEe1JdfTE0Uv9UUBd2cXLOW3ps0uIHgeOL+x
CRLHXqB+sRD21EMeDRG/YjVzCqcV6JRtpKHTTqOtJ0vR+XCa6I3ZHgtoLu4LCOfD
B9nEzaC8DrtW9ba9kh2dMODspH0pyGRFykpJYccPa7nrSPbPdbnG/Qksrf7ojs0/
Hp6JNIvsOSn+7IyJlqqcBTrqiOML6H7KhnGirHAEEy9SeZKdOEZqxZ+crNwbJGCw
stdVMgFAP7l3IH16YUyde+bGZLp3VgHiBeaPQ+AGDmzFCbmoWNKMMEtUr08feAJR
nmfXny4T
=4QEu
-----END PGP SIGNATURE-----
Reply to: