Forum: >>> Magnum BBS <<<

Accepted jackson-databind 2.9.8-3+deb10u3 (source) into proposed-update

From Debian FTP Masters@21:1/5 to All on Mon May 3 20:20:02 2021

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 24 Apr 2021 19:56:57 +0530
Source: jackson-databind
Architecture: source
Version: 2.9.8-3+deb10u3
Distribution: buster
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh@debian.org>
Changes:
jackson-databind (2.9.8-3+deb10u3) buster; urgency=medium
.
* Non-maintainer upload by the LTS team.
* Add patch to fix:
- CVE-2020-24616: Block one more gadget type (Anteros-DBCP)
- CVE-2020-24750: Block one more gadget type
(com.pastdev.httpcomponents)
- CVE-2020-25649: setExpandEntityReferences(false) may not
prevent external entity expansion in all
cases
- CVE-2020-35490 and CVE-2020-35491: Block 2 more gadget
types (commons-dbcp2)
- CVE-2020-35728: Block one more gadget type
(org.glassfish.web/javax.servlet.jsp.jstl)
- CVE-2020-36179, CVE-2020-36180, CVE-2020-36181, and
CVE-2020-36182: Block some more DBCP-related potential
gadget classes
- CVE-2020-36183: Block one more gadget type
(org.docx4j.org.apache:xalan-interpretive)
- CVE-2020-36184 and CVE-2020-36185: Block 2 more gadget
types (org.apache.tomcat/tomcat-dbcp)
- CVE-2020-36186 and CVE-2020-36187: Block 2 more gadget
types (tomcat/naming-factory-dbcp)
- CVE-2020-36188 and CVE-2020-36189: Block 2 more gadget
types (newrelic-agent)
- CVE-2021-20190: Block one more gadget type (javax.swing)
Checksums-Sha1:
e57b29afd05026d7b05ee41ee8cf4ec5500ca508 2589 jackson-databind_2.9.8-3+deb10u3.dsc
2ff8f5a4c3220eeeacbed08cb44fda6a3a2aaea2 9260 jackson-databind_2.9.8-3+deb10u3.debian.tar.xz
4d5d4b1badd695c107419d4f910d598b0022096e 17002 jackson-databind_2.9.8-3+deb10u3_amd64.buildinfo
Checksums-Sha256:
3fb7032b7119dcb8f78ede079421fff4a0833fee7415c779186642e0852c0984 2589 jackson-databind_2.9.8-3+deb10u3.dsc
16ae08616e5adee7d64375669631f5c442de71381486bbdfb1e12a3384d1597c 9260 jackson-databind_2.9.8-3+deb10u3.debian.tar.xz
09b694aafafea86b88885e1869be75bc3f0329b22521478ee60409048beb15d4 17002 jackson-databind_2.9.8-3+deb10u3_amd64.buildinfo
Files:
c3f3167b3cd1c4881453fd9adce3639e 2589 java optional jackson-databind_2.9.8-3+deb10u3.dsc
179b286c8431850a1db8e7cdd3546d1d 9260 java optional jackson-databind_2.9.8-3+deb10u3.debian.tar.xz
7fcd0bc370460da2e4e7de55a2999bff 17002 java optional jackson-databind_2.9.8-3+deb10u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCAAxFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmCELJATHHV0a2Fyc2hA ZGViaWFuLm9yZwAKCRCCPpZ2BsNLlpKFEACuLFdoF/nI2lA1fEAKt+9qRSq2RNhR m6+YGvKEanjxk5PhbS9qKpF3oRzjdEcCnp/PDGleuyJE/nyAH0ELizSoV+sl/GD+ toOWt97KtFQQWrra0HuHperNJS63BBDsTx637VWMDGG+8vZ+dyQJ8YNHM+ESklQc nsEkfbPlnB1CrcWXMHIGiGbxgJILO3ZovdkaVyZcuT6WzO8k+k6lDXxgeM74oeUW FzDT98UpLZF/KIP1TcVgYhdEbQ9itADaxA2DY8hbw0ZLxjByTgvb8RtOn3S3DbFA kVW1tiwS3ZJ5dgyoAH9v7uLkJTpbECOPMfo+Dqe9Qt5OQdeCwdNlkXvKeeje5vxY UzNqaZTQZ4vHCOdkfLezO5y9h/apimPcwZ583aX90OoHu0R9RpeTDBbDoWxKgay4 cDEE/NHc0EMROATmaUZguPp7gKCsoNR4Fnu0dFi19tRTKvgJtr4luhISWOXY+sxv 0G7BltlzWsax+8SJNEubQ7GXK+/xMoDI0wNdkPRArpq73OnsW3x3ErjRPbOzYzr0 9ytMGxcxHSF1EyoTlP1PIW0I4COygu/LSyYWHTqhOO/Xp0TQi8Drnqo994Ct4kBJ cHqXXW3Q4nRGnZWyiHNQvacB3K+4ivzOX0oVkwvJGduJ4hm+NZ3e0zBlmYNX43AE QTKk8QCoiWFzTg==
=AfZZ
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Bob Worm
  Fri Apr 19 14:04:19 2024
  from Wales, Uk via Telnet
- Richard
  Fri Apr 19 12:43:01 2024
  from Leeds, Uk via SSH
- Bob Worm
  Fri Apr 19 09:15:26 2024
  from Wales, Uk via Telnet
- Bob Worm
  Fri Apr 19 08:49:01 2024
  from Wales, Uk via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	293
Nodes:	16 (2 / 14)
Uptime:	222:15:33
Calls:	6,623
Calls today:	5
Files:	12,171
Messages:	5,318,201

Accepted jackson-databind 2.9.8-3+deb10u3 (source) into proposed-update

Who's Online

Recent Visitors

System Info