Publishing details

Published on 2021-02-18
Copied from ubuntu xenial in PPA for Ubuntu Security Proposed by Paulo Flabiano Smorigo

Changelog

libjackson-json-java (1.9.2-7ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Improper input sanitization
    - debian/patches/CVE-2017-15095.patch: Fix deserialization.
    - debian/patches/CVE-2017-7525.patch: Backport all known security
      fixes from 2.x that were missing, related to public CVEs.
    - debian/patches/CVE-2019-10172_1.patch: Set Secure Processing
      flag on DocumentBuilderFactory.
    - d/p/CVE-2019-10172_2.patch: setExpandEntityReferences(false).
    - CVE-2017-7525
    - CVE-2017-15095
    - CVE-2019-10172

 -- Paulo Flabiano Smorigo <email address hidden>  Thu, 18 Feb 2021 14:04:33 +0000

Available diffs

diff from 1.9.2-7 (in Debian) to 1.9.2-7ubuntu0.2 (4.6 KiB)

Builds

amd64

Built packages

libjackson-json-java streaming fast powerful standard conformant json processor in java

libjackson-json-java-doc standard conformant json processor in java - API documentation

Package files

libjackson-json-java-doc_1.9.2-7ubuntu0.2_all.deb (996.5 KiB)
libjackson-json-java_1.9.2-7ubuntu0.2.debian.tar.xz (8.4 KiB)
libjackson-json-java_1.9.2-7ubuntu0.2.dsc (2.5 KiB)
libjackson-json-java_1.9.2-7ubuntu0.2_all.deb (1006.5 KiB)
libjackson-json-java_1.9.2.orig.tar.gz (1.1 MiB)