Publishing details

• Removed from disk on 2018-03-30.
• Removal requested on 2018-03-30.
• Superseded on 2018-03-29 by jackson-databind - 2.9.5-1
• Published on 2018-01-26
• Copied from debian sid in Primary Archive for Debian GNU/Linux by Ubuntu Archive Auto-Sync (sponsored by Ubuntu Archive Robot)

Changelog

jackson-databind (2.9.4-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 2.9.4.
    - Fix CVE-2018-5968: bypass of deserialization blacklist related to
      CVE-2017-7525 and CVE-2017-17485. (Closes: #888316)
    - Fix CVE-2017-17485: unauthenticated remote code execution
      because of an incomplete fix for CVE-2017-7525. (Closes: #888318)
  * Use compat level 11.
  * Declare compliance with Debian Policy 4.1.3.

 -- Markus Koschany <email address hidden>  Thu, 25 Jan 2018 14:45:19 +0100

Builds

• amd64

Package files

• jackson-databind_2.9.4-1.debian.tar.xz (4.2 KiB)
• jackson-databind_2.9.4-1.dsc (2.7 KiB)
• jackson-databind_2.9.4.orig.tar.gz (1.2 MiB)
• libjackson2-databind-java-doc_2.9.4-1_all.deb (1.2 MiB)
• libjackson2-databind-java_2.9.4-1_all.deb (1.2 MiB)