Skip to content
Commit b3b70e6f authored by Markus Koschany's avatar Markus Koschany
Browse files

Import Debian changes 2.4.2-2+deb8u5 

jackson-databind (2.4.2-2+deb8u5) jessie-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
    CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
    CVE-2018-19361 and CVE-2018-19362.
    Several deserialization flaws were discovered in jackson-databind which
    could allow an unauthenticated user to perform code execution. The issue
    was resolved by extending the blacklist and blocking more classes from
    polymorphic deserialization.
parent 3062d842
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment