jackson-databind (2.14.0-1)
[PTS] [DDPO]
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/java-team/jackson-databind.git
-
- Branch: master
- Path: debian/changelog
- Repo size: 479232
- Browser: https://salsa.debian.org/java-team/jackson-databind
- Last scan: 2025-01-14 23:25:08+00
- Next scan: 2025-01-23 03:43:00+00
- Merge requests: 5
- Debian changelog in Git:
jackson-databind (2.14.0-1) unstable; urgency=medium
* New upstream version 2.14.0.
- Fix CVE-2022-42003:
Resource exhaustion can occur because of a lack of a check in primitive
value deserializers to avoid deep wrapper array nesting, when the
UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
- Fix CVE-2022-42004:
Resource exhaustion can occur because of a lack of a check in
BeanDeserializer._deserializeFromArray to prevent use of deeply nested
arrays. An application is vulnerable only with certain customized choices
for deserialization.
* Declare compliance with Debian Policy 4.6.1.
-- Markus Koschany <apo@debian.org> Fri, 11 Nov 2022 23:19:39 +0100
- This branch is even with tag debian/2.14.0-1