-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2342-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ August 24, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : libjackson-json-java Version : 1.9.2-8+deb9u1 CVE ID : CVE-2017-7525 CVE-2019-10172 Several vulnerabilities were fixed in libjackson-json-java, a Java JSON processor. CVE-2017-7525 Jackson Deserializer security vulnerability. CVE-2017-15095 Block more JDK types from polymorphic deserialization. CVE-2019-10172 XML external entity vulnerabilities. For Debian 9 stretch, these problems have been fixed in version 1.9.2-8+deb9u1. We recommend that you upgrade your libjackson-json-java packages. For the detailed security status of libjackson-json-java please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libjackson-json-java Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl9Dh7QACgkQiNJCh6LY mLEYvQ/9EZ5MYjNVVx71AqM8ft1utdXR/Mxd4pVN8Uo3+sqU1RWcdtmFE8cCtrVe luA63rXDV5OwpouZGCNi5phMtfvjUr00cIfYCuAQ/DiQjXhZCLjxnIafpIQZDbqk HkBG2LTDQeaCs3mwvYiDzpFJTsfyZ4hlKfyCfwnMqDAksbSRTgnC9x/yxBTnXTzU LgpZeKdJQmtUjFyzyazpd0/attSiBxM6/jhZJIj5Qjq89aTANg+/c7Jno+8je32/ mPSxNFBS5Ab1qgFF7fXrqp6ZVSAqCRC3nLpnQz43AmAe2c6Kx8osjU5LA+1+VzZJ 9u6t/4dpMONVtKI1XFEdvORVwdyLO0EuPVAQWmVZIAWfDvruXw6gA+HHXIzoxykJ nLnmqE5T1rdFVNlW/B/v4m7iTHBuMl58n8e/DR6iXqu/DQNxcKAk3EIKiCcF3iZ+ HOfNzkPFK+7f//TSWxn1D5klnGlZcZFufcGbzKWXTJptzYiYdKNaFsRvxWRsKXcX o8b+6pNpJ6z38KdH06qICCj6hupqiUlrMed53vtxSWOq17D81fxYaX2f3Fy9bSl7 eqc1Ha6h4lQUgZB7hW4FGyAEkE7h437B85Y7Me5q09RNWzZLPx6FAmTwNUmnStRn W039r0rrprfruTMZtq78hfyff5sJaJ5FL5omdGt2D0FPD/WD6Qo= =Jgzx -----END PGP SIGNATURE-----