debian/patches/CVE-2017-17485.patch · a3a6b050addc24e6e8b6a8f5cbc692ae439503c5 · Debian Java Maintainers / jackson-databind

Import Debian changes 2.8.6-1+deb9u3 · 44c0d6a2

Markus Koschany authored Jan 27, 2018

jackson-databind (2.8.6-1+deb9u3) stretch-security; urgency=high

  * Team upload.
  * Fix CVE-2017-17485 and CVE-2018-5968:
    Bybass of deserialization blackist to disallow unauthenticated remote code
    execution. These CVE exist due to an incomplete fix for CVE-2017-7525.
    (Closes: #888316, #888318)

jackson-databind (2.8.6-1+deb9u2) stretch-security; urgency=high

  * Team upload
  * CVE-2017-15095: incomplete fixes for CVE-2017-7525

44c0d6a2