[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2406-1] jackson-databind security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2406-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
October 14, 2020                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : jackson-databind
Version        : 2.8.6-1+deb9u8
CVE ID         : CVE-2020-25649

It was discovered that there was an external entity expansion
vulnerability in jackson-databind, a Java library for processing
JSON.

For Debian 9 "Stretch", this problem has been fixed in version
2.8.6-1+deb9u8.

We recommend that you upgrade your jackson-databind packages.

For the detailed security status of jackson-databind please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jackson-databind

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl+G00gACgkQHpU+J9Qx
HlhHtA/+NHhI/W+X/cDTJkjEKSu4Yq51Hd2Pg20gut1uID1ZP6ikYFc6BLJW8Tgw
AbD05SFs25yKssdu5J9EhjUQHOTcY8/zpzZ1TOgbVZkuwfRhf3N97qH+2vsYzXFW
mCBxYd2Lt3m4cPTXemo6oPgPrjt6ESAgrSiRwxjggEiiZhHWzHBbQ95PPnyFegfQ
EKy3Lp4zOqJUHR9ZI2V1vlhJI1hhg8SCL6rCjEY4+yib9fY9+rvHcwfHDHgJmJKv
zxbBLAHudwlu9nVQ0xkOV6zqfc2Mmm5qLlhvckMUwZqK+/pHMujKUIW5RiUvzj3E
+zI6lJ5hsGS31gAG5tYQgl4lTFIZ6OtxufPvP3WmJJOQsu5yJ/AIrypfLx+u1K5V
tfE7GpbTmWGamU7QEc3UxEenpDbexqrHQwmngGN9idenFyetWt3A3E90CpMLo7QL
sS7cRwJBsHgftqIo7ZQfNkrjW4XQ6Cz0Ad31Tcg4/aO35FzP61VYUBqoZnr6bAse
VMvVnY8IjAK+lCWfJM/ZljTKmXKopTj2skck6yXosf2E/v6B0WHX17YEBvXX1MMd
FttLyILo6Q1wMiHdhT0J/gBer7EYUNHB2XRAHBdukDwgBarx9Vh2qUINR9POOhPv
/NZz+oByxH6FmetZUgxBmwuqWnxp/FF3ujTTE81sK1v4TAimG/M=
=AfVl
-----END PGP SIGNATURE-----
Reply to: