Markus Koschany pushed to branch master at Debian Java Maintainers / jackson-databind
Commits: 4dfcebb0 by Markus Koschany at 2026-06-06T14:05:15+02:00 Add CVE-2025-52999.patch - - - - - 3e4d3ce5 by Markus Koschany at 2026-06-06T14:06:31+02:00 Fix FBTFS Closes: #1135410 - - - - - da1b34d4 by Markus Koschany at 2026-06-06T14:08:31+02:00 Update changelog - - - - - 7878b04e by Markus Koschany at 2026-06-06T14:20:30+02:00 Catch more IOExceptions. - - - - - 3 changed files: - debian/changelog - + debian/patches/CVE-2025-52999.patch - debian/patches/series Changes: ===================================== debian/changelog ===================================== @@ -1,3 +1,25 @@ +jackson-databind (2.14.0+ds-2) unstable; urgency=medium + + [ Otto Kekäläinen ] + * Enable Salsa CI to help avoid testable regressions before upload to Debian + * Fix broken Homepage link and add current upstream metadata. The site + wiki.fasterxml.com no longer exists. Replace it with link to the current + wiki location. Also add a metadata file following DEP-12, so it is easier + for both maintainers to find the correct upstream websites, as well as for + `git-buildpackage --add-upstreamvcs` feature to work. + * Define Debian packaging repository conventions in gbp.conf. + Add a git-buildpackage config file to show explicitly what conventions this + Debian source package repository uses. This way it is easier for current + maintainer to do e.g. new upstream version imports, as there are less + arguments that need to be passed to `gbp` commands, and also for any future + maintainer/contributor there is less guesswork. + + [ Markus Koschany ] + * Add CVE-2025-52999.patch and fix a FBTFS due to changes in jackson-core. + (Closes: #1135410) + + -- Markus Koschany <[email protected]> Sat, 06 Jun 2026 14:07:23 +0200 + jackson-databind (2.14.0+ds-1) unstable; urgency=medium * Team upload. ===================================== debian/patches/CVE-2025-52999.patch ===================================== @@ -0,0 +1,39 @@ +From: Markus Koschany <[email protected]> +Date: Sat, 6 Jun 2026 14:04:23 +0200 +Subject: CVE-2025-52999 + +Related to CVE-2025-52999.patch in jackson-core. Fixes a FTBFS. + +Bug-Debian: https://bugs.debian.org/1135410 +Forwarded: not-needed +--- + src/main/java/com/fasterxml/jackson/databind/ObjectMapper.java | 2 +- + src/main/java/com/fasterxml/jackson/databind/ObjectWriter.java | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/main/java/com/fasterxml/jackson/databind/ObjectMapper.java b/src/main/java/com/fasterxml/jackson/databind/ObjectMapper.java +index d16d83a..87a07ab 100644 +--- a/src/main/java/com/fasterxml/jackson/databind/ObjectMapper.java ++++ b/src/main/java/com/fasterxml/jackson/databind/ObjectMapper.java +@@ -3861,7 +3861,7 @@ public class ObjectMapper + * Note: prior to version 2.1, throws clause included {@link IOException}; 2.1 removed it. + */ + public String writeValueAsString(Object value) +- throws JsonProcessingException ++ throws JsonProcessingException, IOException + { + // alas, we have to pull the recycler directly here... + SegmentedStringWriter sw = new SegmentedStringWriter(_jsonFactory._getBufferRecycler()); +diff --git a/src/main/java/com/fasterxml/jackson/databind/ObjectWriter.java b/src/main/java/com/fasterxml/jackson/databind/ObjectWriter.java +index 744d17f..890b855 100644 +--- a/src/main/java/com/fasterxml/jackson/databind/ObjectWriter.java ++++ b/src/main/java/com/fasterxml/jackson/databind/ObjectWriter.java +@@ -1132,7 +1132,7 @@ public class ObjectWriter + * Note: prior to version 2.1, throws clause included {@link IOException}; 2.1 removed it. + */ + public String writeValueAsString(Object value) +- throws JsonProcessingException ++ throws JsonProcessingException, IOException + { + // alas, we have to pull the recycler directly here... + SegmentedStringWriter sw = new SegmentedStringWriter(_generatorFactory._getBufferRecycler()); ===================================== debian/patches/series ===================================== @@ -1,2 +1,3 @@ base-pom.patch set-java-baseline.patch +CVE-2025-52999.patch View it on GitLab: https://salsa.debian.org/java-team/jackson-databind/-/compare/4d1e35b448da6e375fa5728ac702177210a5ffec...7878b04ee66484663b586178fb46904bebed4635 -- View it on GitLab: https://salsa.debian.org/java-team/jackson-databind/-/compare/4d1e35b448da6e375fa5728ac702177210a5ffec...7878b04ee66484663b586178fb46904bebed4635 You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ pkg-java-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-commits
