Hi,

On Wed, 24 Jan 2018 23:02:44 +0100 Salvatore Bonaccorso
<[email protected]> wrote:
> Source: jackson-databind
> Version: 2.9.1-1
> Severity: grave
> Tags: patch security upstream
> Forwarded: https://github.com/FasterXML/jackson-databind/issues/1899
> Control: found -1 2.8.6-1+deb9u2
> Control: found -1 2.4.2-2+deb8u2
> 
> Hi,
> 
> the following vulnerability was published for jackson-databind.

[...]

Thanks for reporting. I had a look at jackson-databind in Stretch. We
just need to apply the patch to BeanDeserializerFactory.java again. As
for Sid, upgrading to the latest upstream release 2.9.4 should also
resolve this. I'm working on it now.

Regards,

Markus





__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
[email protected] for discussions and questions.
