Format: 1.8
Date: Fri, 11 Nov 2022 23:19:39 +0100
Source: jackson-databind
Architecture: source
Version: 2.14.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 jackson-databind (2.14.0-1) unstable; urgency=medium
 .
   * New upstream version 2.14.0.
     - Fix CVE-2022-42003: Resource exhaustion can occur because of a lack of
       a check in primitive value deserializers to avoid deep wrapper array
       nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
     - Fix CVE-2022-42004: Resource exhaustion can occur because of a lack of
       a check in BeanDeserializer._deserializeFromArray to prevent use of
       deeply nested arrays. An application is vulnerable only with certain
       customized choices for deserialization.
   * Declare compliance with Debian Policy 4.6.1.