Accepted jackson-databind 2.8.6-1+deb9u5 (source all) into proposed-updates->stable-new, proposed-updates

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Accepted jackson-databind 2.8.6-1+deb9u5 (source all) into proposed-updates->stable-new, proposed-updates

Markus Koschany-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 19 May 2019 00:04:32 +0200
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source all
Version: 2.8.6-1+deb9u5
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <[hidden email]>
Changed-By: Markus Koschany <[hidden email]>
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data binding
 libjackson2-databind-java-doc - Documentation for jackson-databind
Changes:
 jackson-databind (2.8.6-1+deb9u5) stretch-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
     CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
     CVE-2018-19361, CVE-2018-19362 and CVE-2019-12086.
     Several deserialization flaws were discovered in jackson-databind which
     could allow an unauthenticated user to perform code execution. The issue
     was resolved by extending the blacklist and blocking more classes from
     polymorphic deserialization.
Checksums-Sha1:
 e45494a159250666646a5dbb61ead28153039472 2694 jackson-databind_2.8.6-1+deb9u5.dsc
 e0be7dc91d1b0eef2806f9be1132b7ff22646aae 9908 jackson-databind_2.8.6-1+deb9u5.debian.tar.xz
 f12080ee420fcdf85bb04ba1831a61f88f9fa623 16865 jackson-databind_2.8.6-1+deb9u5_amd64.buildinfo
 9525b80f9058aaafb2fd4668491646aaf7094d53 1229300 libjackson2-databind-java-doc_2.8.6-1+deb9u5_all.deb
 1d71cbb88dbf82d7dba3b8cf6acbe7de5d2302dd 1155458 libjackson2-databind-java_2.8.6-1+deb9u5_all.deb
Checksums-Sha256:
 d3df7ab6811e670d4ebb81c366e69e6bcf1c0a30b04f2b7c11d96a42ec3a51ae 2694 jackson-databind_2.8.6-1+deb9u5.dsc
 ea39271b1dc98bbded4bab39d5aeef4e722670edc66718154d4a0aeb451e35a0 9908 jackson-databind_2.8.6-1+deb9u5.debian.tar.xz
 ce8c0f218012a82bae8f44413fd1459fb9603f747441f4155210e178785e0fc4 16865 jackson-databind_2.8.6-1+deb9u5_amd64.buildinfo
 1b544a146a196233a5c83f3e923d4feb502a8b11999f939c7f8a598b101cb768 1229300 libjackson2-databind-java-doc_2.8.6-1+deb9u5_all.deb
 6cb7d9aefc2740b8b41792e8773ee65a34abaa52c0a0e924bfa2c8ef9ccaf748 1155458 libjackson2-databind-java_2.8.6-1+deb9u5_all.deb
Files:
 70f43a206f98bfc3a0d9fe31b437b9c7 2694 java optional jackson-databind_2.8.6-1+deb9u5.dsc
 fc5153c59ba148dbcdae4c84a266e6b1 9908 java optional jackson-databind_2.8.6-1+deb9u5.debian.tar.xz
 52a749c748b43e1ed4449225b6ec6632 16865 java optional jackson-databind_2.8.6-1+deb9u5_amd64.buildinfo
 5c16298a503aff86601b16bab802a6d4 1229300 doc optional libjackson2-databind-java-doc_2.8.6-1+deb9u5_all.deb
 5b3de48ded88b320f4dfab7d85141a11 1155458 java optional libjackson2-databind-java_2.8.6-1+deb9u5_all.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlzm3t9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HksrgP/RXl+UO5wkQwXTKjjKxqqie7w0sFuYtjbq/8
A3CTviqJsqo2jeuL1lBOgcYKNH4ePRBXgRmp/BW7gqa7FOTnqA21H/fRhlEelrZT
Us0TwfhucG84dra5Mm5fT3umqPsho8DsBNmO1n4WMvqsjBX/UOGasLLSfbEXMOwO
//vD7EdAZSapxuXD0tAb01NJ0Yhic3gnEkgaenK9X/i+W6KE5tikhYGqBrtfsp4V
oWnMsZGWCee3/zlbZcxroUFAWwkLKZh37JxtbRKTGqcDgi3cDsDStkgMs/Pi6rAA
EMQ4vy7+zaIbiAk30nfnmjgt+VF74BzLvnRrs0aGOO6TDfPtFc+ZgI7Dc1Zf1Gu2
dXW3K5EjppvjbESwaBo5x4+eCdzf85sIrxVSxTd2cyOOkSFfiGfVBsN3+ofP9GyY
C1i9eBnn97HfWPnnd33VSXK5te19Pl8JuNOPIkfCa9XU/PKBOWgDEMAisyzcOTVZ
Ch7n32n8E8fLNS9g/g/hyFF1DtuMhn/Fb5v+iZuDfsEUKAJ0Q0OYPq+BGw9ICcxB
M9ha86vYHgw5Ydf8t8xhTjEL8KjLaWzp+dP8O4falhnq6cFJW9Xi4KsQWc/yu+XR
TFsDlDUVcbc0PVVr48vvLc66wLgQgIcPZ9fbd+bpuatlR9slWoXRv8HeJFps45fx
hVmPHmJn
=nycP
-----END PGP SIGNATURE-----