Format: 1.8
Date: Fri, 21 Jun 2019 14:16:32 +0200
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source all
Version: 2.4.2-2+deb8u7
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data binding
 libjackson2-databind-java-doc - Documentation for jackson-databind
Changes:
 jackson-databind (2.4.2-2+deb8u7) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * More Polymorphic Typing issues were discovered in jackson-databind. When
     Default Typing is enabled (either globally or for a specific property)
     for an externally exposed JSON endpoint and the service has JDOM 1.x or
     2.x or logback-core jar in the classpath, an attacker can send a
     specifically crafted JSON message that allows them to read arbitrary
     local files on the server.