Accepted jackson-databind 2.8.6-1+deb9u9 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 25 Apr 2021 00:23:13 +0530
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source
Version: 2.8.6-1+deb9u9
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh@debian.org>
Description:
libjackson2-databind-java - fast and powerful JSON library for Java -- data binding
libjackson2-databind-java-doc - Documentation for jackson-databind
Changes:
jackson-databind (2.8.6-1+deb9u9) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Add patch to fix:
- CVE-2020-24616: Block one more gadget type (Anteros-DBCP)
- CVE-2020-24750: Block one more gadget type
(com.pastdev.httpcomponents)
- CVE-2020-35490 and CVE-2020-35491: Block 2 more gadget
types (commons-dbcp2)
- CVE-2020-35728: Block one more gadget type
(org.glassfish.web/javax.servlet.jsp.jstl)
- CVE-2020-36179, CVE-2020-36180, CVE-2020-36181, and
CVE-2020-36182: Block some more DBCP-related potential
gadget classes
- CVE-2020-36183: Block one more gadget type
(org.docx4j.org.apache:xalan-interpretive)
- CVE-2020-36184 and CVE-2020-36185: Block 2 more gadget
types (org.apache.tomcat/tomcat-dbcp)
- CVE-2020-36186 and CVE-2020-36187: Block 2 more gadget
types (tomcat/naming-factory-dbcp)
- CVE-2020-36188 and CVE-2020-36189: Block 2 more gadget
types (newrelic-agent)
- CVE-2021-20190: Block one more gadget type (javax.swing)
Checksums-Sha1:
0bffdeeb972e93ef2dfc51f50758edf0943f1605 2575 jackson-databind_2.8.6-1+deb9u9.dsc
aae04605306eeced23c61e0d8ff1eff9c2ad94f8 13344 jackson-databind_2.8.6-1+deb9u9.debian.tar.xz
52b61dcb6195f10aa174a0e991beef916c6c8dbd 17026 jackson-databind_2.8.6-1+deb9u9_amd64.buildinfo
Checksums-Sha256:
a0432ee836d3c72bf72a64836a9474e13eb61a0bc6c6cf7a3e0790b41d8f1784 2575 jackson-databind_2.8.6-1+deb9u9.dsc
0aec694a4cc6381eb4d4fd397233a3dd59f25b5c7e4ed42c1d7cdc72483bec72 13344 jackson-databind_2.8.6-1+deb9u9.debian.tar.xz
e87466fe2709af0006ce1cf6523720592f6bb8e7a67e8b02b1080eb3b0045d75 17026 jackson-databind_2.8.6-1+deb9u9_amd64.buildinfo
Files:
e1b85dc8f72263d40064c0c7e6bdbce6 2575 java optional jackson-databind_2.8.6-1+deb9u9.dsc
54d4da8d71f280c885f0e3eae55f1ba2 13344 java optional jackson-databind_2.8.6-1+deb9u9.debian.tar.xz
49a3a5d8a240c15861b4435900a442e6 17026 java optional jackson-databind_2.8.6-1+deb9u9_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCAAxFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmCEatMTHHV0a2Fyc2hA
ZGViaWFuLm9yZwAKCRCCPpZ2BsNLliysEACnRrPSoeiaPh0t7dAJRymXKvqtVd0U
iplwByMWIYW9HIccnQ9ZxUKgBYYsCYSv7/1deBkG8ZSX3wQ+SoQUD58VprSSwaOB
iTLHIVB09ddETh1SJDUHiGQGl6ipb7K23mbzGu06PnMqLqLIwZdLlpwBJZbhlLmk
L0Zq+x7zhKEoDjXkiaBY7XAnRXvDtUbr6FbLXV8P99y3ENpY9Usnch98rVkVN5+Q
CR6IK1knsyOhA9kcG508PbESxdZDrSfIvc69EhLzHCLvowD+XsQUKOTa81plhXc4
OPQal4Bkx7deYh4FhLa6v/xNiJtzefCeL4l0Ym3a4xe3SVOl53qt7EKvrKGN0FPR
nGR2Yro1yfqdN44TjSQZdZBc4IUEpU/7O2HZ1qVICRuu2yiS59A4M8ptUJjy42Az
3O98VP8zQeXRj9RpqozfdsSRI91Ogh/faFPeo8VmxRLbHymMyieRqDALVjdLPjiK
0EQp+GvnGM5b9wAcN7tpViMAaBk7FZkydPZ6Ym1d01X3x6t9E+AP8tekkUxSEmiv
J9TA0D3hSWUmbO6h5tbJrscmWpO9GLcDH7EALTsktd3db0naWHBcX2N9oRyLxPP4
jp4sfTLnJQydST9fqot7d+5n37DLpC6+mao8lFGzhxXTcQp81itbwuBWNzXQ+xBu
tua9HnPRi7INDQ==
=ZlOq
-----END PGP SIGNATURE-----