-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : jackson-databind Version : 2.4.2-2+deb8u11 CVE ID : CVE-2019-20330 CVE-2020-8840
It was found that jackson-databind, a Java library used to parse JSON and other data formats, could deserialize data without proper validation, allowing a maliciously client to perform remote code execution on a service with the required characteristics. For Debian 8 "Jessie", these problems have been fixed in version 2.4.2-2+deb8u11. We recommend that you upgrade your jackson-databind packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl5Oqe0ACgkQnUbEiOQ2 gwLYqw//e1XLJ1OluHoMmrM/STWiS2xV3LU9LMLX4smVl0hyhOHp5ASVEFVUt7jy Djfm8x1HWpzsOJc1CZWhdp8Fo8Ya3M30WQy9C2xxe13/EQivATSw1az7vSG6Rav4 vNE71hGGe8Gcj36ZDIsA7uBBuAn3UnU0oObAKuYv41hzhOlKTmWPqIdjee3juOpL CLiXuqSTAgG6G/FnwU4rGMWZf6SXWsl+UxHmpP0QqJQqqacYDgQ1yj1UAEOY4+6b gEhvrqkY6bmRc0wmDnGc/LaUQQy7Ag3WRaee5Q7hwjEQuzfwWVazE2YUvoNurUd9 +FfXRFaClJ0W6cUVcjH8/HzamboFu481t76y6yTlB35ghmCqsnTozDiHZ5HuIFJr HzODt0CP2sNyHRCcuTvMfXcZzOGTzUipX/zriRMar3KuAYnLqBwilpBtnsOAwC+Q VQLXqsO/5sNioCQhhvnmY144fit7JXF+VD6UWCySenQfoLJZqVqlL/N5IDJfpVDI I6BTdK2jJBb4bpiYru3WweShxisB8/Rsq9DexIE6d9BCK2sU1NJmls+hRKTsOR4H a+mDZlcyFwVMaylCm15Izejgg7svY06f+GFLpWhlcOzVvpdYfXChB1g6l8DYINEa OLK/IZU6b07/q6nRWBvd68btR4+hkMYa5HAwwsQ3q/fKqj6ZBpA= =EuIx -----END PGP SIGNATURE-----