Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted jackson-databind 2.8.6-1+deb9u7 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Date: Thu, 09 Jul 2020 18:32:23 +0000
Signed by: Markus Koschany <apo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 09 Jul 2020 16:42:01 +0200
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source
Version: 2.8.6-1+deb9u7
Distribution: stretch
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data binding
 libjackson2-databind-java-doc - Documentation for jackson-databind
Changes:
 jackson-databind (2.8.6-1+deb9u7) stretch; urgency=medium
 .
   * Add multiple-CVE-BeanDeserializerFactory.patch and block more classes from
     polymorphic deserialization.
     This fixes 20 CVE that currently affect the package namely,
     CVE-2020-9548, CVE-2020-9547, CVE-2020-9546, CVE-2020-8840, CVE-2020-14195,
     CVE-2020-14062, CVE-2020-14061, CVE-2020-14060, CVE-2020-11620,
     CVE-2020-11619, CVE-2020-11113, CVE-2020-11112, CVE-2020-11111,
     CVE-2020-10969, CVE-2020-10968, CVE-2020-10673, CVE-2020-10672,
     CVE-2019-20330, CVE-2019-17531 and CVE-2019-17267.
Checksums-Sha1:
 a2ce1d6a61d52ca6d51cf2d4732778e84e462365 2697 jackson-databind_2.8.6-1+deb9u7.dsc
 f6cccb41fd32c2dfaaf0790ccade0a47c82aed28 11676 jackson-databind_2.8.6-1+deb9u7.debian.tar.xz
 3bca7bc2a6c331996b68e144a950b9ca6bed2438 16996 jackson-databind_2.8.6-1+deb9u7_amd64.buildinfo
Checksums-Sha256:
 8dc95713ab10ad95119e0f2cb385226bccbec106cc4c20bc86ec683e84db283b 2697 jackson-databind_2.8.6-1+deb9u7.dsc
 82c95109e6b4b76b8671c22f9561a38bfe9b365f84556dee4d32d96afb00d4dc 11676 jackson-databind_2.8.6-1+deb9u7.debian.tar.xz
 94a85c3a5ffa35e61448dd51d1f6690d5211a2ef37f17c203ee515ee8db1d4a1 16996 jackson-databind_2.8.6-1+deb9u7_amd64.buildinfo
Files:
 30f3ef18c42a454ff835ed989be72b36 2697 java optional jackson-databind_2.8.6-1+deb9u7.dsc
 7a2bb4376f571378204ff6fb78565a46 11676 java optional jackson-databind_2.8.6-1+deb9u7.debian.tar.xz
 d19e4fecd1656cff0b6d9e1ca7d16c84 16996 java optional jackson-databind_2.8.6-1+deb9u7_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl8HOwhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkx1kP/0nIEV2v931P2+0VVkRCQa18EjD/dFl/JERS
OeT9Ytae1RreiJxe81kMk2PiTZD3dAM9rcoxySyNO4kEUpxzNT+JASuU6zsQ9dU/
TyqlAo7n05bvNKDBTMAIEBXK6q7AiX80QrYzJX1wgNjX2rCmf6C51ZA4Scb9wnpf
k+71Poxs9EAanAxFrrQFbtAoVH/d7eb1ESAoVVquIaLXQGXaSf39SIVsemO0aCpJ
CTGNVXFIQDtWud/wISFC9FveLHToBBSrjXptxi0a51diN7YR+yFuz67MzmCjszom
NnUz0wz7bqsmMPAjfWpxDR6CDyBezmIRjfpc075x3vUJN3kRwoviA3ymiHlyROk6
4I5pmZlw+bkyHjM8Y0U5y71eP1bYfDp3eQoIuoPNzs//CpKqP5qZTSdsE3PQgW0b
7JrDUKhnCjFzyADYhoNDprnG+mr1P/Q1fhy34IU41AXM1TbyeS1V48gMtR//CiNy
40n3hjhg3AwYp49elHitF8XqNsEE06qxKNZvxPXlwd+YXLsje1eOeibWSiGnn68G
E7a0ZhWAyfhG1X0/sIpm32LXK04ky/yGFckUfas7M/00tQjxObt/HYXZ0AUXTnSH
xzQrWW1Q+rN+c+t1sBGOGbl8P7FuZhrgSF2D92v0eT90vUZ9p1Ntcniaj8EVRIGG
IOAPQU50
=Iu9i
-----END PGP SIGNATURE-----

News for package jackson-databind