[ubuntu/artful-security] jackson-databind 2.8.6-1+deb9u3build0.17.10.1 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Thu Feb 15 22:45:00 UTC 2018
jackson-databind (2.8.6-1+deb9u3build0.17.10.1) artful-security; urgency=medium
* fake sync from Debian
jackson-databind (2.8.6-1+deb9u3) stretch-security; urgency=high
* Team upload.
* Fix CVE-2017-17485 and CVE-2018-5968:
Bybass of deserialization blackist to disallow unauthenticated remote code
execution. These CVE exist due to an incomplete fix for CVE-2017-7525.
(Closes: #888316, #888318)
Date: 2018-02-15 20:56:22.177353+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
https://launchpad.net/ubuntu/+source/jackson-databind/2.8.6-1+deb9u3build0.17.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Artful-changes
mailing list