Format: 1.8
Date: Fri, 11 Nov 2022 23:19:39 +0100
Source: jackson-databind
Binary: libjackson2-databind-java
Built-For-Profiles: noudeb
Architecture: all
Version: 2.14.0-1
Distribution: lunar-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy02-amd64-101.buildd>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data binding
Changes:
 jackson-databind (2.14.0-1) unstable; urgency=medium
 .
   * New upstream version 2.14.0.
     - Fix CVE-2022-42003:
       Resource exhaustion can occur because of a lack of a check in primitive
       value deserializers to avoid deep wrapper array nesting, when the
       UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
     - Fix CVE-2022-42004:
       Resource exhaustion can occur because of a lack of a check in
       BeanDeserializer._deserializeFromArray to prevent use of deeply nested
       arrays. An application is vulnerable only with certain customized choices
       for deserialization.
   * Declare compliance with Debian Policy 4.6.1.
Checksums-Sha1:
 c9ef0ce6c0051e5ad620e0890193f0c8df4799bb 17419 jackson-databind_2.14.0-1_amd64.buildinfo
 29dd3601e710f9937e8c7336baa04f8e6f7778cd 1531058 libjackson2-databind-java_2.14.0-1_all.deb
Checksums-Sha256:
 7c9a79edf5708f61d3bba4f1efa549d72dfb989c9a0112c457ebd5ab9ca66312 17419 jackson-databind_2.14.0-1_amd64.buildinfo
 80a473ac805266e19ac9543c80640b8fcdaf419905bc22d4fba96e2ecf5ee4d9 1531058 libjackson2-databind-java_2.14.0-1_all.deb
Files:
 73542e6fd0958c6597d3b77d21846ea5 17419 java optional jackson-databind_2.14.0-1_amd64.buildinfo
 d42b5c0cfaf906e9cc16dd6499ccd0bc 1531058 java optional libjackson2-databind-java_2.14.0-1_all.deb