Format: 1.8
Date: Tue, 01 May 2018 19:12:38 +0200
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source all
Version: 2.8.6-1+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data binding
 libjackson2-databind-java-doc - Documentation for jackson-databind
Closes: 891614
Changes:
 jackson-databind (2.8.6-1+deb9u4) stretch-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2018-7489: allows unauthenticated remote code execution because
     of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is
     exploitable by sending maliciously crafted JSON input to the readValue
     method of the ObjectMapper, bypassing a blacklist that is ineffective if
     the c3p0 libraries are available in the classpath. (Closes: #891614)