
Import Debian changes 2.9.8-3+deb10u1

jackson-databind (2.9.8-3+deb10u1) buster-security; urgency=high

  • Fix CVE-2019-12384, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942 and CVE-2019-16943. Several deserialization flaws were discovered in jackson-databind which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization.

Signed-off-by: Ritesh Raj Sarraf ritesh.sarraf@collabora.com
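
To illustrate the polymorphic deserialization that the changelog entry above refers to, the following is an added example, not code from this package or from the jackson-databind project. It assumes jackson-databind is on the classpath, and every class name in it is hypothetical. It goes one step beyond the entry by contrasting class-name type ids, which rely on the library's blocklist, with a closed set of logical type names declared by the application.

```java
import com.fasterxml.jackson.annotation.JsonSubTypes;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;

public class PolymorphicTypingDemo {
    // Hypothetical harmless class standing in for "any class reachable on the classpath".
    public static class Unlisted { public String marker; }

    // Pattern that depends on the blocklist: the JSON names the Java class to instantiate.
    public static class OpenEnvelope {
        @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
        public Object payload;
    }

    // Hardened pattern: type ids are logical names mapped to a fixed set of subtypes.
    @JsonTypeInfo(use = JsonTypeInfo.Id.NAME, include = JsonTypeInfo.As.PROPERTY, property = "type")
    @JsonSubTypes({
        @JsonSubTypes.Type(value = TextNote.class, name = "text"),
        @JsonSubTypes.Type(value = Reminder.class, name = "reminder")
    })
    public interface Payload {}
    public static class TextNote implements Payload { public String body; }
    public static class Reminder implements Payload { public String due; }
    public static class ClosedEnvelope { public Payload payload; }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        String unlisted = Unlisted.class.getName();

        // Class-name typing: the input chooses the class, limited only by what is blocked.
        OpenEnvelope open = mapper.readValue(
            "{\"payload\":{\"@class\":\"" + unlisted + "\",\"marker\":\"x\"}}", OpenEnvelope.class);
        System.out.println("Id.CLASS built: " + open.payload.getClass().getName());

        // Name-based typing: a declared logical name resolves to its mapped subtype.
        ClosedEnvelope ok = mapper.readValue(
            "{\"payload\":{\"type\":\"text\",\"body\":\"hi\"}}", ClosedEnvelope.class);
        System.out.println("Id.NAME built: " + ok.payload.getClass().getName());

        // Name-based typing: a class name is just an unknown type id and is rejected.
        try {
            mapper.readValue(
                "{\"payload\":{\"type\":\"" + unlisted + "\",\"marker\":\"x\"}}", ClosedEnvelope.class);
            System.out.println("unexpected: unlisted type id was accepted");
        } catch (JsonMappingException e) {
            System.out.println("Id.NAME rejected unlisted type id: " + e.getClass().getSimpleName());
        }
    }
}
```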
