Superseded
by jackson-databind - 2.8.6-1+deb9u4build0.17.10.1
Published
Copied from
ubuntu artful in
Private PPA for Ubuntu Security Team
by Ubuntu Archive Robot
Changelog
jackson-databind (2.8.6-1+deb9u3build0.17.10.1) artful-security; urgency=medium
* fake sync from Debian
jackson-databind (2.8.6-1+deb9u3) stretch-security; urgency=high
* Team upload.
* Fix CVE-2017-17485 and CVE-2018-5968:
Bybass of deserialization blackist to disallow unauthenticated remote code
execution. These CVE exist due to an incomplete fix for CVE-2017-7525.
(Closes: #888316, #888318)
-- Steve Beattie <email address hidden> Thu, 15 Feb 2018 10:15:00 -0800