-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 27 Jan 2018 19:37:47 +0100 Source: jackson-databind Binary: libjackson2-databind-java libjackson2-databind-java-doc Architecture: source all Version: 2.4.2-2+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Description: libjackson2-databind-java - fast and powerful JSON library for Java -- data binding libjackson2-databind-java-doc - Documentation for jackson-databind Closes: 888316 888318 Changes: jackson-databind (2.4.2-2+deb8u3) jessie-security; urgency=high . * Team upload. * Fix CVE-2017-17485 and CVE-2018-5968: Bybass of deserialization blackist to disallow unauthenticated remote code execution. These CVE exist due to an incomplete fix for CVE-2017-7525. (Closes: #888316, #888318) Checksums-Sha1: 339e625f321ef1df40916f240962a4aa6b8cbb2c 2688 jackson-databind_2.4.2-2+deb8u3.dsc 250fd096cb10e56cb471a4b34a9e05c26094d1f6 8884 jackson-databind_2.4.2-2+deb8u3.debian.tar.xz 40403e491d64e5c35367a16c879f1dc6f9601b99 986180 libjackson2-databind-java_2.4.2-2+deb8u3_all.deb 96420399cd5a2c88ec5188d90ba27431ff1b77fd 4737360 libjackson2-databind-java-doc_2.4.2-2+deb8u3_all.deb Checksums-Sha256: e148edc0b6c112ef4d63abe1576e28cde6aa80c80423e05c34b1adb69d12bceb 2688 jackson-databind_2.4.2-2+deb8u3.dsc a98f12468a822a332a86ffb1d9e59d24524f16a5ea6d8e4636e05b067e097e2a 8884 jackson-databind_2.4.2-2+deb8u3.debian.tar.xz 64958a05caeca76846b4a064cf3fe9f2fe2b4de5d41df365c1e817ef51cc43af 986180 libjackson2-databind-java_2.4.2-2+deb8u3_all.deb 1a0084cb046d309beb6c04e02f21585328f000ba1ebf19d47014d79d899b4287 4737360 libjackson2-databind-java-doc_2.4.2-2+deb8u3_all.deb Files: 2d383e0bd2b4ca28e2e4939fcc85808f 2688 java optional jackson-databind_2.4.2-2+deb8u3.dsc 43f1592f62bec9fff65f015cb495c55a 8884 java optional jackson-databind_2.4.2-2+deb8u3.debian.tar.xz 7bf39b2a509bf5a23d8f673bb1225ae7 986180 java optional libjackson2-databind-java_2.4.2-2+deb8u3_all.deb 5f83f7c1e0ddcd484f2c02d80a38039b 4737360 doc optional libjackson2-databind-java-doc_2.4.2-2+deb8u3_all.deb
-----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlqAd9NfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkCaMP/AuaPQ5hMZMO8fKx9PyeQV964RFfVqJ9gXSE b8Y/XUWg80TvBbxOGK5PMUfFr+eJelQ/Xi2PgbZqKRSh7dk3gT8qKgkXqgASUO0u bXntOJG/icNu4LVadjTQBlN82ObF7izdSY4PLPREbhn3zfF5VOKPPbJSeqRUocKJ Yjk5QVYWzS5hqGN5+mwNDRWzNGnA5kHgZG+CgR/zSsU76YLZ1LlIOZDh+1GR9PyW fUQ+T4Pjs5P0wPsHGLyOzPPNnNx+aKWu5cjqp5RRQiyJhGAjksxBUahcvoj4QQ0i SJ7U2tADdZrIXy66YxliuWju0f+tyFDNhQzCzC/Q6b6uP9fE+4yHa5fer1ZKROfx k71vMON0YXTWiDj9jHvkc/YtkT+XcOfJNMwhYJJzIfIvwiv3zBuoPnSInvQ282Og J10uE4XnnRNsgpsZRZIoScJm3ZSKa1qAprX7cR/P+b1YGgLlGSWR+TwYA2eEp+6i tUrPjcPx97DZOHSS4xBzqKrmnVwXNmFjpnhGsNX3cy3t563pksYq5iXRAYVEeayU GnGrvDcky4bm3JnykkpjCK/2lfTTwkHFfX3T2tR1ZpB2d9rbRQyHvJ7//FyswKo5 QbiFoCup7Bb2amK2m4HSos4CkuVktIJVJX9+Pn1GzBVlUbbqdnHn5AV+k4r9aw0r I766dhvg =ruD8 -----END PGP SIGNATURE----- __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.