Import Debian changes 2.9.8-3+deb10u1
jackson-databind (2.9.8-3+deb10u1) buster-security; urgency=high
- Fix CVE-2019-12384, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942 and CVE-2019-16943. Several deserialization flaws were discovered in jackson-databind which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization.
Signed-off-by: Ritesh Raj Sarraf ritesh.sarraf@collabora.com