jackson-databind_2.14.0-1_arm64.changes 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
Format: 1.8
Date: Fri, 11 Nov 2022 23:19:39 +0100
Source: jackson-databind
Binary: libjackson2-databind-java
Architecture: all
Version: 2.14.0-1
Distribution: sid
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data binding
Changes:
 jackson-databind (2.14.0-1) unstable; urgency=medium
 .
   * New upstream version 2.14.0.
     - Fix CVE-2022-42003:
       Resource exhaustion can occur because of a lack of a check in primitive
       value deserializers to avoid deep wrapper array nesting, when the
       UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
     - Fix CVE-2022-42004:
       Resource exhaustion can occur because of a lack of a check in
       BeanDeserializer._deserializeFromArray to prevent use of deeply nested
       arrays. An application is vulnerable only with certain customized choices
       for deserialization.
   * Declare compliance with Debian Policy 4.6.1.
Checksums-Sha1:
 5324d2b4af65ac50a2520eee3b1597439166f3ae 17162 jackson-databind_2.14.0-1_arm64.buildinfo
 955fa6a61ed1c9d13962853168c8852f320ce9f7 1531960 libjackson2-databind-java_2.14.0-1_all.deb
Checksums-Sha256:
 ebf28a1468bed8c90583500ec8a63f93a2dc1a85dcc7370cc9790849d4f4ca80 17162 jackson-databind_2.14.0-1_arm64.buildinfo
 0de7d5391891cf7339256d4422bce7ddb5eb1e83ad76e07fe5f61e508b4fb0f7 1531960 libjackson2-databind-java_2.14.0-1_all.deb
Files:
 b10062ddd80e4d26412fbb461699feb9 17162 java optional jackson-databind_2.14.0-1_arm64.buildinfo
 8abc1c1e0f8a513086d3163b42f11478 1531960 java optional libjackson2-databind-java_2.14.0-1_all.deb
package upload System build a package - 1 month, 3 weeks ago 3 weeks, 6 days
BETA