jackson-databind (2.9.8-3) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/java-team/jackson-databind.git
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: master
Path: debian/changelog
Browser: https://salsa.debian.org/java-team/jackson-databind
Last scan: 2019-07-17 05:16:39+00
Next scan: 2019-07-18 01:29:00+00

Debian changelog in Git:

jackson-databind (2.9.8-3) unstable; urgency=medium

  * Team upload.
  * Fix CVE-2019-12814 and CVE-2019-12384:
    More Polymorphic Typing issues were discovered in jackson-databind. When
    Default Typing is enabled (either globally or for a specific property) for
    an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x or
    logback-core jar in the classpath, an attacker can send a specifically
    crafted JSON message that allows them to read arbitrary local files on the
    server. (Closes: #930750)

 -- Markus Koschany <apo@debian.org>  Sat, 22 Jun 2019 00:28:48 +0200

This branch is even with tag debian/2.9.8-3