Format: 1.8
Date: Fri, 11 Nov 2022 23:19:39 +0100
Source: jackson-databind
Binary: libjackson2-databind-java
Architecture: all
Version: 2.14.0-1
Distribution: sid
Urgency: medium
Maintainer: Debian Java Maintainers
Changed-By: Markus Koschany
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data binding
Changes:
 jackson-databind (2.14.0-1) unstable; urgency=medium
 .
   * New upstream version 2.14.0.
     - Fix CVE-2022-42003:
       Resource exhaustion can occur because of a lack of a check in primitive
       value deserializers to avoid deep wrapper array nesting, when the
       UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
     - Fix CVE-2022-42004:
       Resource exhaustion can occur because of a lack of a check in
       BeanDeserializer._deserializeFromArray to prevent use of deeply nested
       arrays. An application is vulnerable only with certain customized choices
       for deserialization.
   * Declare compliance with Debian Policy 4.6.1.
Checksums-Sha1:
 5324d2b4af65ac50a2520eee3b1597439166f3ae 17162 jackson-databind_2.14.0-1_arm64.buildinfo
 955fa6a61ed1c9d13962853168c8852f320ce9f7 1531960 libjackson2-databind-java_2.14.0-1_all.deb
Checksums-Sha256:
 ebf28a1468bed8c90583500ec8a63f93a2dc1a85dcc7370cc9790849d4f4ca80 17162 jackson-databind_2.14.0-1_arm64.buildinfo
 0de7d5391891cf7339256d4422bce7ddb5eb1e83ad76e07fe5f61e508b4fb0f7 1531960 libjackson2-databind-java_2.14.0-1_all.deb
Files:
 b10062ddd80e4d26412fbb461699feb9 17162 java optional jackson-databind_2.14.0-1_arm64.buildinfo
 8abc1c1e0f8a513086d3163b42f11478 1531960 java optional libjackson2-databind-java_2.14.0-1_all.deb