Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted jackson-databind 2.9.8-3+deb10u2 (source) into proposed-updates->stable-new, proposed-updates
Date: Thu, 09 Jul 2020 19:17:32 +0000
Signed by: Markus Koschany <apo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 09 Jul 2020 17:21:32 +0200
Source: jackson-databind
Architecture: source
Version: 2.9.8-3+deb10u2
Distribution: buster
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 jackson-databind (2.9.8-3+deb10u2) buster; urgency=medium
 .
   * Add multiple-CVE-BeanDeserializerFactory.patch and block more classes from
     polymorphic deserialization.
     This fixes 20 CVE that currently affect the package namely,
     CVE-2020-9548, CVE-2020-9547, CVE-2020-9546, CVE-2020-8840, CVE-2020-14195,
     CVE-2020-14062, CVE-2020-14061, CVE-2020-14060, CVE-2020-11620,
     CVE-2020-11619, CVE-2020-11113, CVE-2020-11112, CVE-2020-11111,
     CVE-2020-10969, CVE-2020-10968, CVE-2020-10673, CVE-2020-10672,
     CVE-2019-20330, CVE-2019-17531 and CVE-2019-17267.
Checksums-Sha1:
 b51dd344ef7db675de12333763aecdc778fcfd48 2711 jackson-databind_2.9.8-3+deb10u2.dsc
 910afe8ef150114dcf41088886b1d5509aebfa5c 7568 jackson-databind_2.9.8-3+deb10u2.debian.tar.xz
 63db361fac9e1d14824a7a9d776789c87219ed67 16881 jackson-databind_2.9.8-3+deb10u2_amd64.buildinfo
Checksums-Sha256:
 beefdcbe55f18d03a823f15ba5f604327b760174f7179454180dbb4e31ba7133 2711 jackson-databind_2.9.8-3+deb10u2.dsc
 f70968ed48cbba9f9adfc5d3f963c8378b95597b496733462aee9735fc4b70ab 7568 jackson-databind_2.9.8-3+deb10u2.debian.tar.xz
 7fbbf7699811da7b7fd1bc8011ba40e6c30f41e2770e6b73329c23486c173195 16881 jackson-databind_2.9.8-3+deb10u2_amd64.buildinfo
Files:
 47ea01ce64b92fe9e6c2797a42b0ac34 2711 java optional jackson-databind_2.9.8-3+deb10u2.dsc
 d2d69550f4a1dcc3079431dd5febb8e6 7568 java optional jackson-databind_2.9.8-3+deb10u2.debian.tar.xz
 1cad2ba9cdde3ae49f7b8bfb1c82b1ef 16881 java optional jackson-databind_2.9.8-3+deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl8HOOtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkUBwP/1+Nc5bbE6jx9HlL9OVj+1edIUo1KYEEeEHs
/5QSK+Ysh6Wl0ZlfRSy6hF1ZkremooBzPsq1lwUtp9MJ/Z33TwIUt94hTL3318Eg
4YiCy2sQb+xsGwCa5u0LLDgFCoDWzJviZedm48CgBuSGApSuhn/xOeDs2N69VFM6
yotC7lC1Uv+/gosYQD3Alt93QEkl3W+euwvwUw35WdSgjGd4it8oCmp7k9F9+6ra
XGNTlqnMam1nqvKVpXkeJpZhDwP9MgRU7Nb0W9eB5XywqKfOqsgwM/ts6IF5imkj
WZtHccQaOch63MJSP3IXQTLe5fRS73p22OZJLSGHFzWbpP66ezPooJGgnoREwYVy
udly5CGXtKRCfdFYAYWQyq4BY2cod3ulnrviKo0b9m3oYl0MgcwGs3lGtfDs6emZ
LiGU/bWomEJkKjCHLZI5AnJu19R+mPCMkerLQ50lxcvWcZx0AVlcs4Xbv6xW6wdJ
C7s+yyPz3Vsee4sgoUb2eNtV65yGQgJQyWhNxT2TWRdLZiVJA5kMIGE3HhFm3fnr
yAaOrPouozrOP3LrkGT2SfBqnVJ+CjiutWUfxFj34aWF3llt257XNuNKQFa9WVvN
caln10h2WjDQVV+vT3SScaudycF7KYep6HpMkpukKFEGJPEXxpmAvF5PxpvPCkPw
RPQpxnQZ
=9Zem
-----END PGP SIGNATURE-----

News for package jackson-databind