-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 05 Oct 2019 19:39:24 +0200 Source: jackson-databind Binary: libjackson2-databind-java libjackson2-databind-java-doc Architecture: source all Version: 2.9.8-3+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libjackson2-databind-java - fast and powerful JSON library for Java -- data binding libjackson2-databind-java-doc - Documentation for jackson-databind Changes: jackson-databind (2.9.8-3+deb10u1) buster-security; urgency=high . * Fix CVE-2019-12384, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942 and CVE-2019-16943. Several deserialization flaws were discovered in jackson-databind which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. Checksums-Sha1: cf76ece72008c391fe7acd2cac35f3b1345dbca6 2215 jackson-databind_2.9.8-3+deb10u1.dsc 0d93659eea570c33325d3dd50b335eb11a75a92c 847888 jackson-databind_2.9.8.orig.tar.xz 4bc615285437d151c9d39c4ff9fdcdbcbb091282 6144 jackson-databind_2.9.8-3+deb10u1.debian.tar.xz 234deaf6e08627ebcfe4f72f59eea7a0768e9962 16266 jackson-databind_2.9.8-3+deb10u1_amd64.buildinfo 322c0f6ac6d0aa071cc2ccf4bcfb2d5fab42734d 1624348 libjackson2-databind-java-doc_2.9.8-3+deb10u1_all.deb 196537210090efe31f7c0598778fcdd4f751a197 1264332 libjackson2-databind-java_2.9.8-3+deb10u1_all.deb Checksums-Sha256: d4f16f77e5f7ec4e7d4a6ec2cee310138b44fb49749b90b493d681f853c31cc9 2215 jackson-databind_2.9.8-3+deb10u1.dsc 520d5c76dd7afbe27b642b419fb9aecaf583ec5778081e593925cf289a0a9063 847888 jackson-databind_2.9.8.orig.tar.xz b9d0748584b831c5a44bf8a24eaf340a241d685e9d2cd2c41cb9afa51b47c408 6144 jackson-databind_2.9.8-3+deb10u1.debian.tar.xz fd9bb68beebabb0ebf1afad5e3981e08d132187982f76b950fc6f555f921ebd7 16266 jackson-databind_2.9.8-3+deb10u1_amd64.buildinfo e94327ae76fbd585663cda15a5e6dec7b48921496502df7f61166b41ca857222 1624348 libjackson2-databind-java-doc_2.9.8-3+deb10u1_all.deb 222175bb91c259ebddd343687df45aaf886b1ffaed556af2a06e1c41b68fd4fa 1264332 libjackson2-databind-java_2.9.8-3+deb10u1_all.deb Files: ed9577432898eaad09007b2020814807 2215 java optional jackson-databind_2.9.8-3+deb10u1.dsc a31a309a0754d3b16f4a53a827fc4c10 847888 java optional jackson-databind_2.9.8.orig.tar.xz 13ed733af4045bb032dd3ae0f5d04211 6144 java optional jackson-databind_2.9.8-3+deb10u1.debian.tar.xz 2a7024975dd413995dfc1d4bbed52606 16266 java optional jackson-databind_2.9.8-3+deb10u1_amd64.buildinfo 680a365135999619f15f0955c733fff3 1624348 doc optional libjackson2-databind-java-doc_2.9.8-3+deb10u1_all.deb 5c3098cf783ae059963727d3bde2e4db 1264332 java optional libjackson2-databind-java_2.9.8-3+deb10u1_all.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl2Zkj4ACgkQEL6Jg/PV nWTdLwgAxw0ss0qTa6hKAV2QxYfSYlobYORLGSwRfElLHK7I6xlB4wo4b/NPImIL S8S5OlbpHWMqml1U2xQ0AEGSblMsuKpt53YXZWMJ9Ax7Ji1jznERFEJpa2zDBlw0 MHB9O5UYizmRhhDK53adIy9epTPraJcN4dqVq2MuPLPMXtg0Tm0h+LZfVvlsYhwE IZvKDSyAq/d4bkmiXbKcUF2TiRcJnygs2CS166w3fQIa+iDz5rmTI3JSGLlE316S zuKamdaC93i1CnEnEUcTenh3aeP3EhagQ4yfKbw+rdCbQBVCKiXecHW8pFOateOl yvXxDEvsXCaBq4snIFSzZmqc+GMn2g== =k47i -----END PGP SIGNATURE-----
