Bug#1003826: buster-pu: package libjackson-json-java/1.9.13-2~deb10u1
Control: tags -1 + confirmed
On Sun, 2022-01-16 at 14:17 +0200, Adrian Bunk wrote:
> * Add upstream fixes.
> - Serializing types for deeply nested Maps.
> - Set Secure Processing flag on DocumentBuilderFactory.
> - Set setExpandEntityReferences(false). (Fixes: CVE-2019-10172)
> - WriteRawValue surrogate pair fix.
> - Fix deserialization.
> - All known security fixes. (Fixes: CVE-2017-15095 and CVE-2017-
> 7525)
> * Update Standards-Version to 4.5.0
>
> Except for Standards-Version and the dh compat bump reverted
> in this backport, the bullseye package was the buster package
> with several bugfixes applied (including fixes for 3 CVEs).
Please go ahead.
Regards,
Adam
Reply to: