Format: 1.8
Date: Tue, 01 May 2018 19:20:38 +0200
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source all
Version: 2.4.2-2+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data binding
 libjackson2-databind-java-doc - Documentation for jackson-databind
Closes: 891614
Changes:
 jackson-databind (2.4.2-2+deb8u4) jessie-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2018-7489: allows unauthenticated remote code execution because
     of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is
     exploitable by sending maliciously crafted JSON input to the readValue
     method of the ObjectMapper, bypassing a blacklist that is ineffective if
     the c3p0 libraries are available in the classpath.
     (Closes: #891614)