-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 25 Jan 2018 14:45:19 +0100 Source: jackson-databind Binary: libjackson2-databind-java libjackson2-databind-java-doc Architecture: source Version: 2.9.4-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libjackson2-databind-java - fast and powerful JSON library for Java -- data binding libjackson2-databind-java-doc - Documentation for jackson-databind Closes: 888316 888318 Changes: jackson-databind (2.9.4-1) unstable; urgency=medium . * Team upload. * New upstream version 2.9.4. - Fix CVE-2018-5968: bypass of deserialization blacklist related to CVE-2017-7525 and CVE-2017-17485. (Closes: #888316) - Fix CVE-2017-17485: unauthenticated remote code execution because of an incomplete fix for CVE-2017-7525. (Closes: #888318) * Use compat level 11. * Declare compliance with Debian Policy 4.1.3. Checksums-Sha1: a3d1d2e49764ea0b2c761e8243bb5fe9ec2627f8 2728 jackson-databind_2.9.4-1.dsc 64e99d866cf9520a5d237e614b232c14ef4bd86e 1237542 jackson-databind_2.9.4.orig.tar.gz 0172687bda1e45548c65cedbff7a2a6f5bb51e9b 4320 jackson-databind_2.9.4-1.debian.tar.xz 3bae230b4c23ec8faf6f280446f98289c39f4723 17211 jackson-databind_2.9.4-1_amd64.buildinfo Checksums-Sha256: 63789275fbed8d774c97831bd0ebc6de61e2b2e8ff08baad2e4baeb56529d01e 2728 jackson-databind_2.9.4-1.dsc 08e8439ad91035ec446733037fa85062b3e86f82dd24f5515fb34df30967a2fd 1237542 jackson-databind_2.9.4.orig.tar.gz 2a9ea35c988ba86ed674a1cc6f5eb12261e4d877872c4ca4045f3add2e8aaf14 4320 jackson-databind_2.9.4-1.debian.tar.xz de3ee482f5afd378422980bfe4cb3cc9d39eefadadea36d7cf24bcc11cf9de9e 17211 jackson-databind_2.9.4-1_amd64.buildinfo Files: f4d3678269270f6d345e130656b3ae04 2728 java optional jackson-databind_2.9.4-1.dsc d1f5c7f7c1f32d798219d384e8c055ed 1237542 java optional jackson-databind_2.9.4.orig.tar.gz 0bdcd302bbc390f9c6a720316507400d 4320 java optional jackson-databind_2.9.4-1.debian.tar.xz eed9fd48116f3844d3d3e600c3612043 17211 java optional jackson-databind_2.9.4-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlpqYPFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkPRwP/ReNNsjgoiJpC9ic/AweO0jPJYHsGj9otDDQ uxbuH89ue2Ovs6jTiXnJHa5DZhEEnRCyC6kZ0OWpIvE/SAJG+SXX00zXdn82q76R YotQdEa9xTPe5M/cpXO542XZypWsyF9/f1k+RHItd0B465ei7MRVp84J0hhenSBj 3huqgOLxqoCCzwm2LyzE+sLoLw8K6/3m/biagfpCdelsbYs4LJJ44xLqLSZW54pK qR9NLYnWRgVGYeQUJvpChQ3n5Z2qMTPe/Brp4xw2fE3PLdx2/PxqMll+V73a4tsM kylEz2DxU3yHhbIViQDb960b2rdZlXIupQ2okhH2k8Io0sd4JOpi38F+Odd/eT5+ moxjpSaA4GFXa/DiIqx2e8hDWUQKOchlw8ViVrDF1Jaow4g46BBkXZho0pDBriIN j0UUPkdSPE/KHK89ehzFkgWHUphz6C0JXMhVwGj2Gq0XSe2RK6kaxh15fbcD6xSI e5+uKxlE1ZXZ8znnqoTt3b9MDv59Q6ZPJ4rX3UugtgyeJ0sXlVzU8t/gBgIFbEp6 HzyAWwzE+CPbYlZjgpt1oXYifFyr1xuORhIFA7zyz6S80+Xic/c1iqQdmSyXci0+ 4OGlI/n6Q6bO1nCo6GvKvlmOwpOfbiNSSNv4kAlu/hy6UyvMgbPghpdEvTURrtt7 HUf3j8ze =77kV -----END PGP SIGNATURE-----