-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2406-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb October 14, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : jackson-databind Version : 2.8.6-1+deb9u8 CVE ID : CVE-2020-25649 It was discovered that there was an external entity expansion vulnerability in jackson-databind, a Java library for processing JSON. For Debian 9 "Stretch", this problem has been fixed in version 2.8.6-1+deb9u8. We recommend that you upgrade your jackson-databind packages. For the detailed security status of jackson-databind please refer to its security tracker page at: https://security-tracker.debian.org/tracker/jackson-databind Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl+G00gACgkQHpU+J9Qx HlhHtA/+NHhI/W+X/cDTJkjEKSu4Yq51Hd2Pg20gut1uID1ZP6ikYFc6BLJW8Tgw AbD05SFs25yKssdu5J9EhjUQHOTcY8/zpzZ1TOgbVZkuwfRhf3N97qH+2vsYzXFW mCBxYd2Lt3m4cPTXemo6oPgPrjt6ESAgrSiRwxjggEiiZhHWzHBbQ95PPnyFegfQ EKy3Lp4zOqJUHR9ZI2V1vlhJI1hhg8SCL6rCjEY4+yib9fY9+rvHcwfHDHgJmJKv zxbBLAHudwlu9nVQ0xkOV6zqfc2Mmm5qLlhvckMUwZqK+/pHMujKUIW5RiUvzj3E +zI6lJ5hsGS31gAG5tYQgl4lTFIZ6OtxufPvP3WmJJOQsu5yJ/AIrypfLx+u1K5V tfE7GpbTmWGamU7QEc3UxEenpDbexqrHQwmngGN9idenFyetWt3A3E90CpMLo7QL sS7cRwJBsHgftqIo7ZQfNkrjW4XQ6Cz0Ad31Tcg4/aO35FzP61VYUBqoZnr6bAse VMvVnY8IjAK+lCWfJM/ZljTKmXKopTj2skck6yXosf2E/v6B0WHX17YEBvXX1MMd FttLyILo6Q1wMiHdhT0J/gBer7EYUNHB2XRAHBdukDwgBarx9Vh2qUINR9POOhPv /NZz+oByxH6FmetZUgxBmwuqWnxp/FF3ujTTE81sK1v4TAimG/M= =AfVl -----END PGP SIGNATURE-----
