Format: 1.8
Date: Mon, 12 Aug 2019 17:40:56 -0400
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source all
Version: 2.4.2-2+deb8u8
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data binding
 libjackson2-databind-java-doc - Documentation for jackson-databind
Closes: 933393
Changes:
 jackson-databind (2.4.2-2+deb8u8) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-14379, CVE-2019-14439:
     Deserialization flaws were discovered in jackson-databind relating to
     EHCache and logback/jndi, which could allow an unauthenticated user to
     perform remote code execution. The issue was resolved by extending the
     blacklist and blocking more classes from polymorphic deserialization.
     (Closes: #933393)