------------------------------------------------------------------------- Debian LTS Advisory DLA-4623-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 08, 2026 https://wiki.debian.org/LTS -------------------------------------------------------------------------
Package : jackson-core Version : 2.14.1-2~deb11u1 CVE ID : CVE-2025-49128 CVE-2025-52999 Debian Bug : 1108367 Two security vulnerabilities have been found in jackson-core, a fast and powerful JSON library for Java, which may allow an attacker to cause a denial of service by using deeply nested JSON data or disclose sensitive information by abusing a flaw in how certain exception messages are handled in jackson- core. Please note that related and complementary jackson-* packages like jackson- databind or the jackson-dataformat-* packages had to be upgraded as well in order to fix build failures caused by the newer upstream release of jackson- core. For Debian 11 bullseye, these problems have been fixed in version 2.14.1-2~deb11u1. We recommend that you upgrade your jackson-* packages. For the detailed security status of jackson-core please refer to its security tracker page at: https://security-tracker.debian.org/tracker/jackson-core Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
signature.asc
Description: This is a digitally signed message part
