Bug#888318: jackson-databind: CVE-2017-17485

On Wed, Jan 24, 2018 at 11:11:13PM +0100, Salvatore Bonaccorso wrote: > Source: jackson-databind > Version: 2.9.1-1 > Severity: grave > Tags: security upstream > Forwarded: https://github.com/FasterXML/jackson-databind/issues/1855 > > Hi, > > the following vulnerability was published for

Bug#888318: jackson-databind: CVE-2017-17485

Source: jackson-databind Version: 2.9.1-1 Severity: grave Tags: security upstream Forwarded: https://github.com/FasterXML/jackson-databind/issues/1855 Hi, the following vulnerability was published for jackson-databind. CVE-2017-17485[0]: | FasterXML jackson-databind through 2.8.10 and 2.9.x

Bug#888316: jackson-databind: CVE-2018-5968

Source: jackson-databind Version: 2.9.1-1 Severity: grave Tags: patch security upstream Forwarded: https://github.com/FasterXML/jackson-databind/issues/1899 Control: found -1 2.8.6-1+deb9u2 Control: found -1 2.4.2-2+deb8u2 Hi, the following vulnerability was published for jackson-databind.

Processed: jackson-databind: CVE-2018-5968

Processing control commands: > found -1 2.8.6-1+deb9u2 Bug #888316 [src:jackson-databind] jackson-databind: CVE-2018-5968 Marked as found in versions jackson-databind/2.8.6-1+deb9u2. > found -1 2.4.2-2+deb8u2 Bug #888316 [src:jackson-databind] jackson-databind: CVE-2018-5968 Marked as found in

[clojure] 05/06: Fix typo in changelog

This is an automated email from the git hooks/post-receive script. ehashman-guest pushed a commit to branch 1.8.x in repository clojure. commit 0a85bccc9d2054428d8a95289591935ebdf966ed Author: Elana Hashman Date: Wed Jan 24 14:26:47 2018 -0500 Fix typo in changelog

[clojure] 06/06: Fix rules to reference right source name

This is an automated email from the git hooks/post-receive script. ehashman-guest pushed a commit to branch 1.8.x in repository clojure. commit 6878633818c2937dcfe39cd91cadc808d2786a0d Author: Elana Hashman Date: Wed Jan 24 14:34:27 2018 -0500 Fix rules to reference

[clojure] 03/06: Update Standards-Version

This is an automated email from the git hooks/post-receive script. ehashman-guest pushed a commit to branch 1.8.x in repository clojure. commit 07006f6304b260de000450053538a09bbffe3aaa Author: Elana Hashman Date: Wed Jan 24 14:12:56 2018 -0500 Update

[clojure] 01/06: Rename package to clojure1.8

This is an automated email from the git hooks/post-receive script. ehashman-guest pushed a commit to branch 1.8.x in repository clojure. commit b8369330ff15587743cb57a28f44140665531d2c Author: Elana Hashman Date: Wed Jan 24 14:09:56 2018 -0500 Rename package to

[clojure] branch 1.8.x created (now 6878633)

This is an automated email from the git hooks/post-receive script. ehashman-guest pushed a change to branch 1.8.x in repository clojure. at 6878633 Fix rules to reference right source name This branch includes the following new commits: new b836933 Rename package to

[clojure] 04/06: Point GBP config at the correct branch

This is an automated email from the git hooks/post-receive script. ehashman-guest pushed a commit to branch 1.8.x in repository clojure. commit 094f2d93a34e00fd894a478ddb828cdccfdb32f8 Author: Elana Hashman Date: Wed Jan 24 14:18:04 2018 -0500 Point GBP config at the

[clojure] 02/06: Add myself to uploaders to match 1.9

This is an automated email from the git hooks/post-receive script. ehashman-guest pushed a commit to branch 1.8.x in repository clojure. commit 232f516aa4e24df4d5b98d103fb3c8df7325f3be Author: Elana Hashman Date: Wed Jan 24 14:11:54 2018 -0500 Add myself to uploaders

Bug#888270: Oracle's naming scheme has changed with Java 1.9 breaking make-jpkg

Package: java-package Version: 0.56 $ make-jpkg serverjre-9.0.1_linux-x64_bin.tar.gz Creating temporary directory: /tmp/make-jpkg.T2DwKXL7lO Loading plugins: /usr/share/java-package/common.sh /usr/share/java-package/javase.sh /usr/share/java-package/jdk-doc.sh /usr/share/java-package/jdk.sh

Bug#888255: RM? Upstream dropped support, security important, newer version packaged

Source: netty-3.9 Version: 3.9.9.Final-1 Severity: normal netty is complicated security code so needs support. netty 3.x support was ended by upstream in Jun 2016[1]. netty 3.9 hasn't had an upstream commit/release since Jul 2015. The latest version is packaged as "netty" and supported.

Bug#828451: netty fix released, netty-tcnative patch accepted

Upstream have accepted both patches. netty 4.1.20 has been released, which will run against a patched netty-tcnative. There hasn't been a netty-tcnative release. netty-3.9 is still in Debian, which also depends on netty-tcnative. netty-3.9 has 14 build-rdeps. Eurgh. __ This is the maintainer

tomcat-native_1.2.16-1~bpo9+1_amd64.changes ACCEPTED into stretch-backports, stretch-backports

Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 15 Jan 2018 11:19:46 +0100 Source: tomcat-native Binary: libtcnative-1 Architecture: source amd64 Version: 1.2.16-1~bpo9+1 Distribution: stretch-backports Urgency: medium Maintainer: Debian Java Maintainers

jetty9_9.2.23-1~bpo9+1_amd64.changes ACCEPTED into stretch-backports, stretch-backports

Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 15 Jan 2018 12:14:56 +0100 Source: jetty9 Binary: libjetty9-java libjetty9-extra-java jetty9 Architecture: source all Version: 9.2.23-1~bpo9+1 Distribution: stretch-backports Urgency: medium Maintainer: Debian