Unverified Commit edc42295 authored by Markus Koschany's avatar Markus Koschany Committed by Ritesh Raj Sarraf

Import Debian changes 2.9.8-3+deb10u1

jackson-databind (2.9.8-3+deb10u1) buster-security; urgency=high

  * Fix CVE-2019-12384, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335,
    CVE-2019-16942 and CVE-2019-16943. Several deserialization flaws
    were discovered in jackson-databind which could allow an
    unauthenticated user to perform code execution. The issue was
    resolved by extending the blacklist and blocking more classes from
    polymorphic deserialization.
Signed-off-by: Ritesh Raj Sarraf's avatarRitesh Raj Sarraf <ritesh.sarraf@collabora.com>
parent 8145cf14
Pipeline #126811 waiting for manual action with stages
in 46 seconds