Control: tags -1 pending On Mon, 16 Sep 2019 15:14:37 +0200 Salvatore Bonaccorso <car...@debian.org> wrote: > Source: jackson-databind > Version: 2.9.9.3-1 > Severity: grave > Tags: security upstream > Justification: user security hole
[...] > p.s.: wondering where that will going to end ;-) Hi, I also think it is starting to get silly now. I will upload 2.10.0 to unstable shortly but I suggest to address these kind of issues from now on only via stable-updates. This can be done two or three times per year. It is basically just adding new classes to the blacklist. I believe the whole approach of blacklisting classes is not very sophisticated. Regards, Markus
signature.asc
Description: OpenPGP digital signature