Accepted:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 12 Oct 2017 00:31:43 +0200 Source: jackson-databind Binary: libjackson2-databind-java libjackson2-databind-java-doc Architecture: source Version: 2.9.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Description: libjackson2-databind-java - fast and powerful JSON library for Java -- data binding libjackson2-databind-java-doc - Documentation for jackson-databind Closes: 870848 875411 Changes: jackson-databind (2.9.1-1) unstable; urgency=medium . * Team upload. * New upstream version 2.9.1. - Fixes CVE-2017-7525: Deserialization vulnerability via readValue method of ObjectMapper (Closes: #870848) - Builds fine with Java 9. (Closes: #875411) * Declare compliance with Debian Policy 4.1.1. * Tighten B-D on jackson-core and jackson-annotations. * Add libmaven-shade-plugin-java to B-D. Checksums-Sha1: 88e2d48d329c7daec8859ac154414d6e83b412b9 2697 jackson-databind_2.9.1-1.dsc 7454b681b36301a4a45e6d688a509bb662e290fa 1217778 jackson-databind_2.9.1.orig.tar.gz 0953ecf97a8df7b6c6b5126087db6d4f24804c91 4176 jackson-databind_2.9.1-1.debian.tar.xz 7dd729dceeb837c5286f4d895e35c1649f9cce15 16953 jackson-databind_2.9.1-1_amd64.buildinfo Checksums-Sha256: ba34530ca1ed7b5aeaf04f8ec345959c1ce8e9a3cb07e20db72837572eb89748 2697 jackson-databind_2.9.1-1.dsc 515200c897d1a1d1ce8bbb3f6abe9957b9ce8ebbb58f81115efedff38c5cb90b 1217778 jackson-databind_2.9.1.orig.tar.gz 16780621f5295ef58afa5d5ef8583e43219fcf47dd0bf7a5fee4bf2b0efb8b29 4176 jackson-databind_2.9.1-1.debian.tar.xz 2bd1a43b576671339725070523ec927cc3697f58154362740f88b4c5089515b6 16953 jackson-databind_2.9.1-1_amd64.buildinfo Files: 8a0d0b3d7b4ee25fab1630ad643eb38a 2697 java optional jackson-databind_2.9.1-1.dsc ab01ec1139e393133ade4822084316c2 1217778 java optional jackson-databind_2.9.1.orig.tar.gz e1b455e8c35075603d38fba7702b4641 4176 java optional jackson-databind_2.9.1-1.debian.tar.xz 5dcf2095f42728a073fe652381805b45 16953 java optional jackson-databind_2.9.1-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlneoG5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkQdMQAMH6spLTj7ucHvTDWL7/2S+0IovByO0wHDeU rJp0fMk/HgRaZ36LMXJik9TyZvKsAW87DArL25q98jQrbXq3iyqfirjV3xTKIWUw sWc5YCuvD80jpM8enFZ6smkQ0UqaZEJHYfR1sK4A/X2oNFLyjvAF5cdFi2WBgbzD tCdXVPnu4l6h0WeI8ujy6vPj1bwRl6gSy63/7DXArdO4pAlODCUk/JAYuuKqAb51 PhFvhlQAcHxb5pmi3tPIwMd1eoCr97MWiQhJ8zqCWazct2jgBgk91FSWv/22mG5E AonCeofKay0+uMj7cucRoz4TL0zyrdvdDOXoYSYYYWIJFYuSRb4iBvb6RW/+mBzF sC7k5rpz2kfZ4SFnrX/nqMWsfnQbjS9vwVXH/TYlb9HhVapEWM17ctJqnpBDCH0S c/YjKjxKnYBImKJQYcmVAJKAydkfQ7fNSbmBAWtl5e1i14VxRTV9foBiUIMT4W4m lCe0abNLeSN4VNj31T8mvFF4KnjV3s76g0ECOhcpz37pKSJQfivFpxXmX1Y0y37/ b/Mre0cz/OUKZe/9vB46hBYbnY0UcrqOSqHiaZOddZr34O4BVzVu9WcP0Bhh/aEN FtcVN1lUvgv2/coB+JRemjUx1vLFi/AZYGRleTCWyzoM/9KDGC0URhNhflwDKucI 9j2xpcXo =pQkf -----END PGP SIGNATURE----- Thank you for your contribution to Debian. __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.