Import Debian changes 2.4.2-2+deb8u7
jackson-databind (2.4.2-2+deb8u7) jessie-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * More Polymorphic Typing issues were discovered in jackson-databind. When
    Default Typing is enabled (either globally or for a specific property) for an
    externally exposed JSON endpoint and the service has JDOM 1.x or 2.x or
    logback-core jar in the classpath, an attacker can send a specifically
    crafted JSON message that allows them to read arbitrary local files on the
    server.
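
The two ways of enabling Default Typing that the changelog entry refers to, next to an explicit subtype list that keeps type selection out of the JSON sender's hands. This is an added illustration, not code from this upload or from jackson-databind; the class names (`TypingExample`, `WeakEnvelope`, `Envelope`, `Message`, `Ping`, `Note`) and the `kind` property are hypothetical.

```java
import com.fasterxml.jackson.annotation.JsonSubTypes;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;

public class TypingExample {
    // Weak (global): class names in the JSON choose the Java type for
    // Object-typed and non-concrete properties anywhere in the object graph.
    static ObjectMapper weakMapper() {
        ObjectMapper m = new ObjectMapper();
        m.enableDefaultTyping();
        return m;
    }

    // Weak (per property): the same exposure, limited to this one field.
    public static class WeakEnvelope {
        @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
        public Object payload;
    }

    // Hardened: a closed base type with logical names. Only the listed
    // subtypes can be instantiated, whatever else is on the classpath.
    @JsonTypeInfo(use = JsonTypeInfo.Id.NAME, include = JsonTypeInfo.As.PROPERTY, property = "kind")
    @JsonSubTypes({
        @JsonSubTypes.Type(value = Ping.class, name = "ping"),
        @JsonSubTypes.Type(value = Note.class, name = "note")
    })
    public abstract static class Message { }
    public static class Ping extends Message { public long seq; }
    public static class Note extends Message { public String text; }
    public static class Envelope { public Message payload; }

    public static void main(String[] args) throws Exception {
        ObjectMapper m = new ObjectMapper(); // Default Typing left disabled
        Envelope ok = m.readValue("{\"payload\":{\"kind\":\"note\",\"text\":\"hi\"}}", Envelope.class);
        System.out.println("accepted: " + ok.payload.getClass().getSimpleName());
        try {
            // Constructed input: a type id that is not in the @JsonSubTypes list.
            m.readValue("{\"payload\":{\"kind\":\"com.example.Unlisted\"}}", Envelope.class);
        } catch (JsonMappingException e) {
            System.out.println("rejected: unknown type id");
        }
    }
}
```

When auditing a service against this entry, search for `enableDefaultTyping` calls and for `@JsonTypeInfo` with `Id.CLASS` or `Id.MINIMAL_CLASS` on fields that receive externally supplied JSON.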