Format: 1.8
Date: Sat, 24 Apr 2021 19:56:57 +0530
Source: jackson-databind
Architecture: source
Version: 2.9.8-3+deb10u3
Distribution: buster
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh@debian.org>
Changes:
 jackson-databind (2.9.8-3+deb10u3) buster; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * Add patch to fix:
     - CVE-2020-24616: Block one more gadget type (Anteros-DBCP)
     - CVE-2020-24750: Block one more gadget type
       (com.pastdev.httpcomponents)
     - CVE-2020-25649: setExpandEntityReferences(false) may not prevent
       external entity expansion in all cases
     - CVE-2020-35490 and CVE-2020-35491: Block 2 more gadget types
       (commons-dbcp2)
     - CVE-2020-35728: Block one more gadget type
       (org.glassfish.web/javax.servlet.jsp.jstl)
     - CVE-2020-36179, CVE-2020-36180, CVE-2020-36181, and CVE-2020-36182:
       Block some more DBCP-related potential gadget classes
     - CVE-2020-36183: Block one more gadget type
       (org.docx4j.org.apache:xalan-interpretive)
     - CVE-2020-36184 and CVE-2020-36185: Block 2 more gadget types
       (org.apache.tomcat/tomcat-dbcp)
     - CVE-2020-36186 and CVE-2020-36187: Block 2 more gadget types
       (tomcat/naming-factory-dbcp)
     - CVE-2020-36188 and CVE-2020-36189: Block 2 more gadget types
       (newrelic-agent)
     - CVE-2021-20190: Block one more gadget type (javax.swing)