-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6336-1                   [email protected]
https://www.debian.org/security/                          Markus Koschany
June 10, 2026                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jackson-core
CVE ID         : CVE-2025-52999
Debian Bug     : 1108367

A flaw was discovered in jackson-core, a fast and powerful JSON library for
Java, which may allow an attacker to cause a denial of service by using deeply
nested JSON data.

Please note that related and complementary jackson-* packages like jackson-
databind or jackson-dataformat-smile had to be upgraded as well in
order to fix build failures caused by the changes to jackson-core.

For the oldstable distribution (bookworm), this problem has been fixed
in version 2.14.1-2~deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 2.14.1-2~deb13u1.

We recommend that you upgrade your jackson-core packages.

For the detailed security status of jackson-core please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jackson-core

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmop009fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTcvBAAgyICDGoLUoz6k6eEZdqxghFK9IYWLSxLWJRzSvcsqNQVnioKG8UMcwNg
k7UCbqpvRMpHjROT676023mZKAox9AdrOuy2loRoYPi/0Gu1iNaBCWkF+qqAlw0i
Yf+qDOG9aBDHwucxz3M1SXEmYIJkbqKUTxwsCTz1sfsALrnsRIXDM0MJJ9SdSdsK
E4Hv0XVg5K2l8SQrtFGI5UotdyZS2N9XO7uVJuriagxsW1eQTqdnqnHvKVWc8Ia7
ApLbB3qOO1R5lvefihXCpwabZSq6BGf9lGVMvr2KAPqTWdYCBw7ClY32J0aKO6vo
pY4k3dWDtOCZo2zyz798RoJBgAOZU04IMWzMt4Gpk05vSRP85gHeBzg6KH1TYbwx
WuVTQi5mIjEAOwXsGOsYXrK31W0pZ3NocDxpbaqDkJlLu3S/7/QhAcVCVmLjuhd3
wuUloz7tGZuUU2dSyIfWMkdg9WQHTSQk7/h/u1h6dk59nfQKMAAt1hCIUWoXtj1Q
bPb9INAJXpMdvPT4koIw7pieqYilRJeu7nVsz8t0SZp7WR+vt4owFck7aclVmum9
Vx/WC0ZGWAWzy77dx0uOZlE5t6iGpdL88fJOq4FLUEht84mde8bUZ1b0Mi98Q8+D
yDLNvUcJT/Pcz8J1FnWuBwp3zS6p/u3gHfeu1/jiUh48ha7nOtM=
=t2oC
-----END PGP SIGNATURE-----

Reply via email to