jackson-databind 2.8.6-1+deb9u4build0.17.10.1 source package in Ubuntu
Changelog
jackson-databind (2.8.6-1+deb9u4build0.17.10.1) artful-security; urgency=medium * fake sync from Debian jackson-databind (2.8.6-1+deb9u4) stretch-security; urgency=high * Team upload. * Fix CVE-2018-7489: allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. (Closes: #891614) -- Steve Beattie <email address hidden> Thu, 03 May 2018 23:12:44 -0700
Upload details
- Uploaded by:
- Steve Beattie
- Uploaded to:
- Artful
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- java
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
jackson-databind_2.8.6.orig.tar.xz | 721.5 KiB | 1c2edb33da5ad8baafb4b291872f885ee1cfc773683288bd514a19aa19c639d1 |
jackson-databind_2.8.6-1+deb9u4build0.17.10.1.debian.tar.xz | 8.7 KiB | 498868484d5491a1ba3838cd4dd9a76e0ab2f89ecd21535b98db2e8d60ac3f39 |
jackson-databind_2.8.6-1+deb9u4build0.17.10.1.dsc | 2.5 KiB | 4cc29dbde0dcfd9e0c6383d5845ddc8bfba3a11880b1cdb0072192e78254c48f |
Available diffs
Binary packages built by this source
- libjackson2-databind-java: No summary available for libjackson2-databind-java in ubuntu artful.
No description available for libjackson2-
databind- java in ubuntu artful.
- libjackson2-databind-java-doc: No summary available for libjackson2-databind-java-doc in ubuntu artful.
No description available for libjackson2-
databind- java-doc in ubuntu artful.