Accepted:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 27 Jan 2018 19:12:39 +0100 Source: jackson-databind Binary: libjackson2-databind-java libjackson2-databind-java-doc Architecture: source all Version: 2.8.6-1+deb9u3 Distribution: stretch-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Description: libjackson2-databind-java - fast and powerful JSON library for Java -- data binding libjackson2-databind-java-doc - Documentation for jackson-databind Closes: 888316 888318 Changes: jackson-databind (2.8.6-1+deb9u3) stretch-security; urgency=high . * Team upload. * Fix CVE-2017-17485 and CVE-2018-5968: Bybass of deserialization blackist to disallow unauthenticated remote code execution. These CVE exist due to an incomplete fix for CVE-2017-7525. (Closes: #888316, #888318) Checksums-Sha1: 0ad8f9644b1a4446dbbaa709de1ab2827d1b631e 2694 jackson-databind_2.8.6-1+deb9u3.dsc 7fa80128b6793f82a4982f0bab47b14cf68bf47a 8424 jackson-databind_2.8.6-1+deb9u3.debian.tar.xz d4093936a3bf78a5e2c8377efc7323f1cb61cfa9 16475 jackson-databind_2.8.6-1+deb9u3_amd64.buildinfo 76e1f8e7470db4d505c39db3f857caebedfd39c0 1228842 libjackson2-databind-java-doc_2.8.6-1+deb9u3_all.deb 782823cff9a6a7a092dd3ef9d16a50d39ade14c0 1154694 libjackson2-databind-java_2.8.6-1+deb9u3_all.deb Checksums-Sha256: 61aa763d90694a021239bb6ee80400657ab467d76fbe82c6d6333db0d64d3912 2694 jackson-databind_2.8.6-1+deb9u3.dsc 00ab252cfc0253a28dc7e73248302bc1d717f23b43e25fbd8ce6c7fe6b260e82 8424 jackson-databind_2.8.6-1+deb9u3.debian.tar.xz b8a011e559004daf812f3f42b111ffad035b803cf6049b4e090d833f8f8215f0 16475 jackson-databind_2.8.6-1+deb9u3_amd64.buildinfo 60457f1efdda8be7c7d8e73f670d809b6aa0d73746f3ab6cd0940de7477883a7 1228842 libjackson2-databind-java-doc_2.8.6-1+deb9u3_all.deb cecd0c322485064fa6e2b158aa9a1f57050ca7ac4255cddd18c5e25e2cad55d5 1154694 libjackson2-databind-java_2.8.6-1+deb9u3_all.deb Files: 5583ccd0f59a9b0ac6ea6bd4db89f101 2694 java optional jackson-databind_2.8.6-1+deb9u3.dsc c12d0d8ab5995da693eab7977b85adfd 8424 java optional jackson-databind_2.8.6-1+deb9u3.debian.tar.xz 6f6a35c72bbc2e9402f4e0e79291032b 16475 java optional jackson-databind_2.8.6-1+deb9u3_amd64.buildinfo 6b67fd4e9736c7d5419df1c848c214fe 1228842 doc optional libjackson2-databind-java-doc_2.8.6-1+deb9u3_all.deb 0b83a8e190c67fb6ae0208edf2c27548 1154694 java optional libjackson2-databind-java_2.8.6-1+deb9u3_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlqAeNhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkSogQALQgt9lAfVsUpMca7ix6eCgys/87J7yO311k oyOnHDoMYl9jXJtpZfL9XVPb3tYSSY23ZLKjeQuEI+oIxBA3hbgYzADrswSz6Etm rArSWRfpviHr3nAQJWbgRFlZYPSsOJ5jrWJN3wJFGJ6vzwofjbd3w5s+MLogUdm8 demLgmi7K+/CCdwh1dUQK+D74YS1askWATRXCLyNvD4MdQNbxfFAbjciUGDW4B1K PV/d2bJqKzDXZrOpXSfi9njgokpqniLTWPU3thbCnx412vDu3GzrYq0uh5oiiMi6 /C8+richa5PE0uAkr2c3haReSaEa4/YFBHBxXGlMERzsS0TUI6To+2jAxMsTp1qM dcnyAmB6HoArfR51Iu0hoKg4roR2UW2UUOhUNX6YtNeh1FpcR5bo7ntuvss4LvIn ztey44fUagSiuliwRmrT5KqzzhEQM1sPflxRMLqYVxo6P5mj60FTv51y5bhyf2Qu uym0Nnk9yUQhdkrocTfzs47U1dVyyf+tSvQ7cfoj/z7PGSHZoIJRLgFim+hbQJ+Z D2f/VZmqH0O4dwzHzGLH2EWIaHjSZ/sOIartbQ8VrGZoJIl0+OdZupexZvF5i95M Z/LGfnAalqT0ZiDtPONRwnfPCa5X4/JGua1YTKFz55n2CMgx0N3jpBYBOUBCx35V VOcFfDkI =68UA -----END PGP SIGNATURE----- Thank you for your contribution to Debian. __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.