changes_fields:
Architecture: all
Binary: libjackson2-databind-java
Changed-By: Markus Koschany <apo@debian.org>
Changes: |2-
jackson-databind (2.14.0-1) unstable; urgency=medium
.
* New upstream version 2.14.0.
- Fix CVE-2022-42003:
Resource exhaustion can occur because of a lack of a check in primitive
value deserializers to avoid deep wrapper array nesting, when the
UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
- Fix CVE-2022-42004:
Resource exhaustion can occur because of a lack of a check in
BeanDeserializer._deserializeFromArray to prevent use of deeply nested
arrays. An application is vulnerable only with certain customized choices
for deserialization.
* Declare compliance with Debian Policy 4.6.1.
Checksums-Sha1:
- name: jackson-databind_2.14.0-1_arm64.buildinfo
sha1: 5324d2b4af65ac50a2520eee3b1597439166f3ae
size: '17162'
- name: libjackson2-databind-java_2.14.0-1_all.deb
sha1: 955fa6a61ed1c9d13962853168c8852f320ce9f7
size: '1531960'
Checksums-Sha256:
- name: jackson-databind_2.14.0-1_arm64.buildinfo
sha256: ebf28a1468bed8c90583500ec8a63f93a2dc1a85dcc7370cc9790849d4f4ca80
size: '17162'
- name: libjackson2-databind-java_2.14.0-1_all.deb
sha256: 0de7d5391891cf7339256d4422bce7ddb5eb1e83ad76e07fe5f61e508b4fb0f7
size: '1531960'
Date: Fri, 11 Nov 2022 23:19:39 +0100
Description: |2-
libjackson2-databind-java - fast and powerful JSON library for Java -- data binding
Distribution: sid
Files:
- md5sum: b10062ddd80e4d26412fbb461699feb9
name: jackson-databind_2.14.0-1_arm64.buildinfo
priority: optional
section: java
size: '17162'
- md5sum: 8abc1c1e0f8a513086d3163b42f11478
name: libjackson2-databind-java_2.14.0-1_all.deb
priority: optional
section: java
size: '1531960'
Format: '1.8'
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Source: jackson-databind
Urgency: medium
Version: 2.14.0-1
type: dpkg