Import Debian changes 2.4.2-2+deb8u5

jackson-databind (2.4.2-2+deb8u5) jessie-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
    CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
    CVE-2018-19361 and CVE-2018-19362.
    Several deserialization flaws were discovered in jackson-databind which
    could allow an unauthenticated user to perform code execution. The issue
    was resolved by extending the blacklist and blocking more classes from
    polymorphic deserialization.