jackson-databind - Debian Package Tracker

general

source: jackson-databind (main)
version: 2.14.0-1
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Markus Koschany [DMD]
arch: all
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.8.6-1+deb9u7
o-o-sec: 2.8.6-1+deb9u10
oldstable: 2.9.8-3+deb10u3
old-sec: 2.9.8-3+deb10u4
stable: 2.12.1-1
stable-sec: 2.12.1-1+deb11u1
testing: 2.14.0-1
unstable: 2.14.0-1

versioned links

2.8.6-1+deb9u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8.6-1+deb9u10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.9.8-3+deb10u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.9.8-3+deb10u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.12.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.12.1-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.14.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libjackson2-databind-java

action needed

A new upstream version is available: 2.14.2 high

A new upstream version 2.14.2 is available, you should consider packaging it.

Created: 2022-11-24 Last update: 2023-03-27 22:37

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2021-46877: jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.

Created: 2023-03-19 Last update: 2023-03-27 11:06

Depends on packages which need a new maintainer normal

The packages that jackson-databind depends on which need a new maintainer are:

xmlstarlet (#1015848)
- Build-Depends: xmlstarlet

Created: 2022-07-22 Last update: 2023-03-27 21:33

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2022-11-13 Last update: 2023-02-03 01:38

1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:

CVE-2021-46877: (needs triaging) jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-03-19 Last update: 2023-03-27 11:06

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.6.1).

Created: 2022-12-17 Last update: 2022-12-17 19:18

news

[rss feed]

[2022-11-27] Accepted jackson-databind 2.9.8-3+deb10u4 (source) into oldstable (Markus Koschany)
[2022-11-19] Accepted jackson-databind 2.12.1-1+deb11u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
[2022-11-18] jackson-databind 2.14.0-1 MIGRATED to testing (Debian testing watch)
[2022-11-17] Accepted jackson-databind 2.12.1-1+deb11u1 (source) into stable-security (Debian FTP Masters) (signed by: Markus Koschany)
[2022-11-12] Accepted jackson-databind 2.14.0-1 (source) into unstable (Markus Koschany)
[2022-05-05] jackson-databind 2.13.2.2-1 MIGRATED to testing (Debian testing watch)
[2022-05-02] Accepted jackson-databind 2.8.6-1+deb9u10 (source) into oldoldstable (Markus Koschany)
[2022-04-30] Accepted jackson-databind 2.13.2.2-1 (source) into unstable (Markus Koschany)
[2021-11-09] jackson-databind 2.13.0-2 MIGRATED to testing (Debian testing watch)
[2021-11-04] Accepted jackson-databind 2.13.0-2 (source) into unstable (Markus Koschany)
[2021-10-22] Accepted jackson-databind 2.13.0-1 (source) into unstable (Markus Koschany)
[2021-09-12] jackson-databind 2.12.5-1 MIGRATED to testing (Debian testing watch)
[2021-09-07] Accepted jackson-databind 2.12.5-1 (source) into unstable (Markus Koschany)
[2021-05-03] Accepted jackson-databind 2.9.8-3+deb10u3 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Utkarsh Gupta)
[2021-04-24] Accepted jackson-databind 2.8.6-1+deb9u9 (source) into oldstable (Utkarsh Gupta)
[2021-01-23] jackson-databind 2.12.1-1 MIGRATED to testing (Debian testing watch)
[2021-01-17] Accepted jackson-databind 2.12.1-1 (source) into unstable (Emmanuel Bourg)
[2020-10-14] Accepted jackson-databind 2.8.6-1+deb9u8 (source all) into oldstable (Chris Lamb)
[2020-07-15] jackson-databind 2.11.1-1 MIGRATED to testing (Debian testing watch)
[2020-07-09] Accepted jackson-databind 2.9.8-3+deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
[2020-07-09] Accepted jackson-databind 2.8.6-1+deb9u7 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
[2020-07-09] Accepted jackson-databind 2.11.1-1 (source) into unstable (Markus Koschany)
[2020-07-01] Accepted jackson-databind 2.4.2-2+deb8u15 (source all) into oldoldstable (Utkarsh Gupta)
[2020-04-17] Accepted jackson-databind 2.4.2-2+deb8u14 (source all) into oldoldstable (Utkarsh Gupta)
[2020-03-21] Accepted jackson-databind 2.4.2-2+deb8u13 (source all) into oldoldstable (Utkarsh Gupta)
[2020-03-05] Accepted jackson-databind 2.4.2-2+deb8u12 (source all) into oldoldstable (Utkarsh Gupta)
[2020-02-21] jackson-databind 2.10.2-1 MIGRATED to testing (Debian testing watch)
[2020-02-20] Accepted jackson-databind 2.4.2-2+deb8u11 (source all) into oldoldstable (Emilio Pozuelo Monfort)
[2020-02-16] Accepted jackson-databind 2.10.2-1 (source) into unstable (Markus Koschany)
[2019-12-21] jackson-databind 2.10.1-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.14.0-1