Accepted jackson-databind 2.9.8-3+deb10u4 (source) into oldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted jackson-databind 2.9.8-3+deb10u4 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 27 Nov 2022 18:20:22 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: jackson-databind_2.9.8-3+deb10u4_source.changes
- Debian-source: jackson-databind
- Debian-suite: oldstable
- Debian-version: 2.9.8-3+deb10u4
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=XtylXfw1MKAp96tLa/JyWmjYCtT9bsm80hDwHmSA708=; b=ZpBZSGWnof6Aqtsv27N+WHTsZl 4yLXp3/aVZ2xVuSgxXWBN6zY8q9Mz98bqMs3hokUjaod+wUqBlPvF+OUZ5KAGAbpGFEOX9+lCw6LE N1vpARvw2+C1z7bz4+QanC2+wSq+AsRbHAE7IATUkfBAK/QCMi7g74hhyTSOpLyP60IQSgSa8gyMF 7G7v7gocdjst6RwlkVKRT94NYDcBAtsy0fx+pMmpbpdo5Q29J7U9u2DJjKcW+WQ5ZMC9UGp5HNeLN nKnZ3BpIPACwM4pjiXgTwAmeBYphgA7ftjHkOO1R01SwkIBU+BTkIeiDuhttPbXMho0T4ibLodNHV KTC2BcMg==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1ozMGM-004lrn-5R@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 27 Nov 2022 19:01:36 CET
Source: jackson-databind
Architecture: source
Version: 2.9.8-3+deb10u4
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
d43ae0efba911bbc88f706286d278c7a9f7de6e5 2714 jackson-databind_2.9.8-3+deb10u4.dsc
53c0a3f176d399947956ce8cba5ba5bde4305e4f 14092 jackson-databind_2.9.8-3+deb10u4.debian.tar.xz
73ef03dfef980cb9a397d0aa91d8424c36235473 17351 jackson-databind_2.9.8-3+deb10u4_amd64.buildinfo
Checksums-Sha256:
18f341fee2e63ba4e06261dd352a5d54fdcf405b1f322ba87e38fe62c644b12c 2714 jackson-databind_2.9.8-3+deb10u4.dsc
1ae1a33b2a80e4374368ce888136ae16a3103898de24243e902cf49dc07565c7 14092 jackson-databind_2.9.8-3+deb10u4.debian.tar.xz
09f1d9a1f5b78b60d267931095170b079eff5a09a5f868dc5f452c70889dafee 17351 jackson-databind_2.9.8-3+deb10u4_amd64.buildinfo
Changes:
jackson-databind (2.9.8-3+deb10u4) buster-security; urgency=high
.
* Team upload.
* Fix CVE-2022-42003:
In FasterXML jackson-databind resource exhaustion can
occur because of a lack of a check in primitive value deserializers to
avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS
feature is enabled.
* Fix CVE-2022-42004:
In FasterXML jackson-databind resource exhaustion can occur because of a
lack of a check in BeanDeserializerBase.deserializeFromArray to prevent use of
deeply nested arrays. An application is vulnerable only with certain
customized choices for deserialization.
* Fix CVE-2020-36518:
Java StackOverflow exception and denial of service via a large depth of
nested objects.
Files:
28bed2f88a2dcc91ddd3ea7ae5c55348 2714 java optional jackson-databind_2.9.8-3+deb10u4.dsc
7167fa0f66c8732fd2b1ebc1627cce17 14092 java optional jackson-databind_2.9.8-3+deb10u4.debian.tar.xz
c0f442c7bb498fa8f905d7ee1de71a5a 17351 java optional jackson-databind_2.9.8-3+deb10u4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmODpgRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkM3gP/13aF+dDENq6lrcxViRQnlUqDwaI5eQFF/kl
gAP9UGeJ0uPvNqHiTBsNwGfoWV3su0FfEvEk7KJ3v/LV0BOVIXn3/3LID3XehtMO
Lwgj3qqg1ac6fx31cUIHSnHbq6IovZiCZl/0wJ/zcGh3TUosZpOFrVUWsMVeAu2r
34TIpLs7e3NJOOzIMos6TKzKr8wtoybbapYqYdWifkXmRE9/X9pAD8xCAuBkQtXC
f37qh2Oly7Ph1mcJdXg/rjmeBIgk7vO/Y2flupMvQrdgw7Dg2SBxwp9afVGK/VEh
QVCEexhpUywuVp34uiWD6TcOYXzN/DbJm9MFpcRlCNFK7NoDlsDln9MUnwb/nUn5
oJDMax/c9Rq0mlKfEXWL3AnH5DX2FxYDvuKCCpYo+CELb23VeSRVA6kBrPrG4afh
dJPoJlX/Pzxb/Bex0EcDYJpBrM9yAdS1dBpiGRDOrrutRms4036U1tgw7w0+MkZr
vlDK8PgcL60AbZhDVGVRvaMwnaoc0+mYDFxSo8ccsZpb27kz0H2lk+pBEEXADl4g
mz0VJqk8gF5svPhhHA2/TPGYK3rv2M/xsCt4mGk2yhCnCiB7UyapHToR88AHvchU
lIuCp5k9WnpXORI6Ku/887xcHQYVYFkiT2adEowgys2mNE7hk+A1PO6FazFQ/iWa
smYzh8DT
=z2bf
-----END PGP SIGNATURE-----