Accepted jackson-databind 2.12.1-1+deb11u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted jackson-databind 2.12.1-1+deb11u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 19 Nov 2022 19:47:25 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: jackson-databind_2.12.1-1+deb11u1_source.changes
- Debian-source: jackson-databind
- Debian-suite: proposed-updates
- Debian-version: 2.12.1-1+deb11u1
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1owToD-005QPa-Ru@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 15 Nov 2022 20:21:49 CET
Source: jackson-databind
Architecture: source
Version: 2.12.1-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
4d28c66afc01c0a8813ff3e8a5419e1cc8a80ba8 2722 jackson-databind_2.12.1-1+deb11u1.dsc
f6ea260696b7d41eb252b7ac71912e551cb05753 982580 jackson-databind_2.12.1.orig.tar.xz
5f54350cae517bd856137c4f0fae52396b802be1 10508 jackson-databind_2.12.1-1+deb11u1.debian.tar.xz
9ec8a2e494ddeb048a542d6daa504f784ade0d87 17640 jackson-databind_2.12.1-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
a1642d4aaa945d1cdabb8663106b62dbb735abf7bce980a77956f8b8b1471033 2722 jackson-databind_2.12.1-1+deb11u1.dsc
ff150815861e70874eb185f0c8ab9c88e6dc1e92bc93ddde6ecb58468231481c 982580 jackson-databind_2.12.1.orig.tar.xz
70c5e9ce18f1aa52c21956bfe0b259be2130a8abe700e3e8e1951ac57d752ce0 10508 jackson-databind_2.12.1-1+deb11u1.debian.tar.xz
ab1b37ebe54754cf1679a2f607048850b4eeb99e902683419980bac2ce714196 17640 jackson-databind_2.12.1-1+deb11u1_amd64.buildinfo
Changes:
 jackson-databind (2.12.1-1+deb11u1) bullseye-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2022-42003:
     In FasterXML jackson-databind resource exhaustion can
     occur because of a lack of a check in primitive value deserializers to
     avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS
     feature is enabled.
   * Fix CVE-2022-42004:
     In FasterXML jackson-databind resource exhaustion can occur because of a
     lack of a check in BeanDeserializerBase.deserializeFromArray to prevent use of
     deeply nested arrays. An application is vulnerable only with certain
     customized choices for deserialization.
   * Fix CVE-2020-36518:
     Java StackOverflow exception and denial of service via a large depth of
     nested objects.
Files:
51fc3dbcc90ad2469079dc36d64d06db 2722 java optional jackson-databind_2.12.1-1+deb11u1.dsc
b3c731f366e3abf6ff909768b4981441 982580 java optional jackson-databind_2.12.1.orig.tar.xz
9828a87ba936b78b526e594be21b046f 10508 java optional jackson-databind_2.12.1-1+deb11u1.debian.tar.xz
4e823079960706afc737a61225762fa2 17640 java optional jackson-databind_2.12.1-1+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----