Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted jackson-databind 2.14.0-1 (source) into unstable
Date: Sat, 12 Nov 2022 15:19:49 +0000
Signed by: Markus Koschany <apo@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 11 Nov 2022 23:19:39 +0100
Source: jackson-databind
Architecture: source
Version: 2.14.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 jackson-databind (2.14.0-1) unstable; urgency=medium
 .
   * New upstream version 2.14.0.
     - Fix CVE-2022-42003:
       Resource exhaustion can occur because of a lack of a check in primitive
       value deserializers to avoid deep wrapper array nesting, when the
       UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
     - Fix CVE-2022-42004:
       Resource exhaustion can occur because of a lack of a check in
       BeanDeserializer._deserializeFromArray to prevent use of deeply nested
       arrays. An application is vulnerable only with certain customized choices
       for deserialization.
   * Declare compliance with Debian Policy 4.6.1.
Checksums-Sha1:
 dddbf84a7b1a3426c7dd8250cc2d7443031c5555 2495 jackson-databind_2.14.0-1.dsc
 869e1c8172148973429fc0fec1c1487bdfbee41d 1114728 jackson-databind_2.14.0.orig.tar.xz
 4e5102b25398a9c44c01ab4f8f3da987d90fedd8 5724 jackson-databind_2.14.0-1.debian.tar.xz
 3b2f37fc4f01161617d56cb264440b61838ce604 17857 jackson-databind_2.14.0-1_amd64.buildinfo
Checksums-Sha256:
 f18fa756a7d033d1576dab07458afc0689b74e19294b9bc686938b8eef66878e 2495 jackson-databind_2.14.0-1.dsc
 ec086218027c3ecf235fcda042bf04d87b4178ee225f0633f062cd20e64f74a9 1114728 jackson-databind_2.14.0.orig.tar.xz
 80d00d3ed7ca5c02f624b692fb52fc2280897137f0d25155ef6d58d3bed8dbb8 5724 jackson-databind_2.14.0-1.debian.tar.xz
 086481a21cc70cbb2557222ab431f6bfc961a1e61af4c3bceace04f9f294e5af 17857 jackson-databind_2.14.0-1_amd64.buildinfo
Files:
 061988bb9b3c42dbd49a805b0de67ca5 2495 java optional jackson-databind_2.14.0-1.dsc
 6e13acc9724783a4d6911e22a834b566 1114728 java optional jackson-databind_2.14.0.orig.tar.xz
 598bd926392c476e035d725322c8575c 5724 java optional jackson-databind_2.14.0-1.debian.tar.xz
 b897646cf401f2d4b9c43a2f75f3e9fb 17857 java optional jackson-databind_2.14.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNvsipfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkgHMP/2nwI9YUQqz9WD9vlXq5cBFdv6CGEzvPipEa
Nosmyp2bswHUlIxzlGCcUlXN62DyFi7O5ay1YD0MZK2frjRfZq9OxpMUZGdjIuvO
Ow4QtzAAmx/C+8J4ryVFDFmlwTgIGYiOeEMMpNHOe5X2RfxBN8wmMnStkrQr2MPD
xdY0A78XgQnCPiW/R7cB8jan0l+x7DJ1lioYPKLXaHKasENAQrr/AnpklP31s7ul
++DpRLJ/yDKrvuPbrrjhuiAlqPG2KdibKKKEksitxrhIQ83h8T0zKnN3q0gPVuxX
1aniWWJPV9ugn+2A2SbOs5/ufYd/I3li8As5i8n46YwHYrstEEbhJuj727Giq8ds
Z/6XRfw3n//GTtd/V+v8glmu/H5rhcRkCQw2+kmA+69NhIYqkItxu8V9xCCow3ui
NQznbUcxvwCx4opXIvsltu7xeZSVr739or9cyZPjJ7dhjI2HQflVHPYRA7qD/VE/
bnSXJI24iOr5ImQDUJ1hEvwLTNxoRO2muc58GLcMfGY6VrZK9eyPx7ivXn9mN32k
1v4XEHq3DkDUVX33qud3f9rIANFgU6C/Pc339LGVlrszrUuN9JAiVomkgAo1vvaR
lTKplyDDEa10+LFYVBhzT1dtuCtyTCvNtILG2FDI25Q2kK2EGEkwJZ9Fmljm09pn
HTjaxUKO
=+ZSm
-----END PGP SIGNATURE-----
News for package jackson-databind
