jackson-databind (2.9.8-2) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/java-team/jackson-databind.git
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: master
Path: debian/changelog
Browser: https://salsa.debian.org/java-team/jackson-databind
Last scan: 2019-05-21 12:14:01+00
Next scan: 2019-05-22 14:50:00+00

Debian changelog in Git:

jackson-databind (2.9.8-2) unstable; urgency=medium

  * Team upload.
  * Fix CVE-2019-12086:
    A Polymorphic Typing issue was discovered in jackson-databind. When
    Default Typing is enabled (either globally or for a specific property) for
    an externally exposed JSON endpoint, the service has the
    mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an
    attacker can host a crafted MySQL server reachable by the victim, an
    attacker can send a crafted JSON message that allows them to read arbitrary
    local files on the server. This occurs because of missing
    com.mysql.cj.jdbc.admin.MiniAdmin validation. (Closes: #929177)

 -- Markus Koschany <apo@debian.org>  Sat, 18 May 2019 20:31:28 +0200

This branch is even with tag debian/2.9.8-2