-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : jackson-databind Version : 2.4.2-2+deb8u10 CVE ID : CVE-2019-17267 CVE-2019-17531
More deserialization flaws were discovered in jackson-databind which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For Debian 8 "Jessie", these problems have been fixed in version 2.4.2-2+deb8u10. We recommend that you upgrade your jackson-databind packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl3v6dJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTAkQ//T3ec5xV91lcC7u9kGlDDnYEzxlDF9RSiVOXfjI75yPd6vhYBoxHh+OCZ ifJ5skjUf5dsRHmGtdoLPUcQ3hNu4U7Td7rHh5i9m1rROaKVOfmke/98hCt4H2dh LHWR6FCK6F6Qi/5EvzTgu1pP2UB+QbWgt8sy3Ria0lU9+K46G967A7JWhODdkeno Bgjv9L1dB/wvraYfBRBeC3OmvJo9J+gDUKd6Asf/hsodGB1X5CynpxjVu46ejwff uGnW73K4HZycok8BV2jn+cFE5FQWwNISibX4RcuUOwFv428tkNSxYoED9E9XxaVQ uBTbjnuTPHxgdyu9+oPJVrGl4mQJmrNwcNgJvgQxqi8AbN/DpmQAwCoc8g3P1Yd6 +9Dl3lmX+NTE43QAGl+bTms/DHy/4VPsPV2qpw65rHKPphQBwKifVTPrXaIuPfRq 2c2Sij8m4wa3MlbYTTIOMtJS8mmd65V+EJlrFk4KeHf08prZjY44K652cJaSPCO4 L5g+WAIPKaLWG5j5hlBtHpIcq+185FwWFBTB3JsACtEiFBzz4Y1Lm0Pi0DU/nhj6 z+43IOC9I4k1t12/ff9mWNrtQNJsEMwhZv/hnbNcIRzyJSpzV22+1aSlcoibTvfg cb5oERNVAXEjc7g15Kclp5oycS6A4wtUv/uuFQIMSJ2B20cdNPY= =k6JS -----END PGP SIGNATURE-----