jackson-databind (2.4.2-2+deb8u3) jessie-security; urgency=high

  * Team upload.
  * Fix CVE-2017-17485 and CVE-2018-5968:
    Bybass of deserialization blackist to disallow unauthenticated remote code
    execution. These CVE exist due to an incomplete fix for CVE-2017-7525.
    (Closes: #888316, #888318)

jackson-databind (2.4.2-2+deb8u2) jessie-security; urgency=high

  * Team upload
  * CVE-2017-15095: incomplete fixes for CVE-2017-7525