jackson-databind (2.9.4-1) unstable; urgency=medium
* Team upload.
* New upstream version 2.9.4.
- Fix CVE-2018-5968: bypass of deserialization blacklist related to
CVE-2017-7525 and CVE-2017-17485. (Closes: #888316)
- Fix CVE-2017-17485: unauthenticated remote code execution
because of an incomplete fix for CVE-2017-7525. (Closes: #888318)
* Use compat level 11.
* Declare compliance with Debian Policy 4.1.3.
-- Markus Koschany <email address hidden> Thu, 25 Jan 2018 14:45:19 +0100