[SECURITY] [DLA 3407-1] jackson-databind security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3407-1] jackson-databind security update
From: Adrian Bunk <bunk@debian.org>
Date: Sun, 30 Apr 2023 19:38:16 +0300
Message-id: <[🔎] ZE6ZeJg3Wp9RHw5f@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3407-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 30, 2023                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : jackson-databind
Version        : 2.9.8-3+deb10u5
CVE ID         : CVE-2020-10650

One more gadget type (ignite-jta) is being blocked in the Jackson Data 
Processor library for processing JSON and other data formats in Java.

For Debian 10 buster, this problem has been fixed in version
2.9.8-3+deb10u5.

We recommend that you upgrade your jackson-databind packages.

For the detailed security status of jackson-databind please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jackson-databind

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmROmXgACgkQiNJCh6LY
mLE29g//UkSshHJf5MIW1qHrx8eGnWhLjOy6BrY3LiIRqvl0+7lQxZ8h5z5Q6PQR
XeBvQG1b6TEPM7U61RJRZxRT2BtEUaEeLKOGblzlGPhWibJIgrQ1s9+vN7/aKETv
VEJXgyivxYdLL8KeXGlo9NWJj3lvF1RxyG0gpcKS7PawOBT+Wngx7RtWauv5HZL7
huu9KzmBoW5uaANTeaiYgn6Q22q11w9mf5G+83Km+cYRw60Ge8TOkPaqvcJVe9J8
Bj4GUIHBPjZ3c5Uj/ALCrNjq+TfdxVsIDNKNIF3koIvAOiz6O9k+BHM09Muu3t0I
5K/1RYAMbXBlgUjVa1eHVUa3b9OJPy0ZOK8cFxtEaxQR5cmOxA9KvCI4FhTiS5SM
Rgl3licyjhx5V8onk2/CdYSN7K32SKFdXSkJZJXHv1E/43i7kXcqK2r6Prr/rc5X
6IN4Wv09HLKSCEDLtvQNfIW2Xo+3S3M4M3hJ5v+oeexJvZIKlHOL6QEbZkGfTabz
5EerV4X1IT7ysYS5/18iiTQlg/S3ywH/SaN+6sH9o28j+3enIXmO2JKStFa0grMh
HTMDG37lQT0wl4dlO+rPUVof4pT4O6NkkODXpyBEm4D4HNtD3rwqv5URqBGtZHwf
uN0ByVNMyWZ45bi2jRoGyBMoBmdrBO8QQMOTSYaJeV91c0e5/VY=
=uaw3
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3405-1] libxml2 security update
Next by Date: [SECURITY] [DLA 3408-1] jruby security update
Previous by thread: [SECURITY] [DLA 3405-1] libxml2 security update
Next by thread: [SECURITY] [DLA 3408-1] jruby security update
Index(es):
- Date
- Thread