[jackson-databind] 04/04: Release 2.4.2-2+deb8u1
Markus Koschany
apo at moszumanska.debian.org
Fri Oct 20 13:04:52 UTC 2017
This is an automated email from the git hooks/post-receive script.
apo pushed a commit to branch jessie
in repository jackson-databind.
commit c1bc818a6ba603b1a7a9451070ea0eee3e48a01e
Author: Markus Koschany <apo at debian.org>
Date: Thu Oct 19 15:11:43 2017 +0200
Release 2.4.2-2+deb8u1
---
debian/changelog | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 1f60670..fbabc1e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,8 @@
jackson-databind (2.4.2-2+deb8u1) jessie-security; urgency=high
* Team upload.
- *
+ * Fix CVE-2017-7525: Deserialization vulnerability via readValue
+ method of ObjectMapper. (Closes: #870848)
-- Markus Koschany <apo at debian.org> Thu, 19 Oct 2017 01:44:42 +0200
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/jackson-databind.git
More information about the pkg-java-commits
mailing list