[SECURITY] [DLA 2406-1] jackson-databind security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2406-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
October 14, 2020 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : jackson-databind
Version : 2.8.6-1+deb9u8
CVE ID : CVE-2020-25649
It was discovered that there was an external entity expansion
vulnerability in jackson-databind, a Java library for processing
JSON.
For Debian 9 "Stretch", this problem has been fixed in version
2.8.6-1+deb9u8.
We recommend that you upgrade your jackson-databind packages.
For the detailed security status of jackson-databind please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jackson-databind
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl+G00gACgkQHpU+J9Qx
HlhHtA/+NHhI/W+X/cDTJkjEKSu4Yq51Hd2Pg20gut1uID1ZP6ikYFc6BLJW8Tgw
AbD05SFs25yKssdu5J9EhjUQHOTcY8/zpzZ1TOgbVZkuwfRhf3N97qH+2vsYzXFW
mCBxYd2Lt3m4cPTXemo6oPgPrjt6ESAgrSiRwxjggEiiZhHWzHBbQ95PPnyFegfQ
EKy3Lp4zOqJUHR9ZI2V1vlhJI1hhg8SCL6rCjEY4+yib9fY9+rvHcwfHDHgJmJKv
zxbBLAHudwlu9nVQ0xkOV6zqfc2Mmm5qLlhvckMUwZqK+/pHMujKUIW5RiUvzj3E
+zI6lJ5hsGS31gAG5tYQgl4lTFIZ6OtxufPvP3WmJJOQsu5yJ/AIrypfLx+u1K5V
tfE7GpbTmWGamU7QEc3UxEenpDbexqrHQwmngGN9idenFyetWt3A3E90CpMLo7QL
sS7cRwJBsHgftqIo7ZQfNkrjW4XQ6Cz0Ad31Tcg4/aO35FzP61VYUBqoZnr6bAse
VMvVnY8IjAK+lCWfJM/ZljTKmXKopTj2skck6yXosf2E/v6B0WHX17YEBvXX1MMd
FttLyILo6Q1wMiHdhT0J/gBer7EYUNHB2XRAHBdukDwgBarx9Vh2qUINR9POOhPv
/NZz+oByxH6FmetZUgxBmwuqWnxp/FF3ujTTE81sK1v4TAimG/M=
=AfVl
-----END PGP SIGNATURE-----
Reply to: