Package: jackson-databind | Debian Sources

Package: jackson-databind / 2.8.6-1+deb9u7

Metadata

Package	Version	Patches format
jackson-databind	2.8.6-1+deb9u7	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
CVE 2017 7525.patch \| (download)	src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java \| 50 50 + 0 - 0 ! src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java \| 40 40 + 0 - 0 ! 2 files changed, 90 insertions(+)	cve-2017-7525 Bug-Upstream: https://github.com/FasterXML/jackson-databind/issues/1599 Bug-Debian: https://bugs.debian.org/870848
CVE 2017 15095_1.patch \| (download)	src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	minor improvement wrt #1599 (also cover vanilla xalan impl)
CVE 2017 15095_2.patch \| (download)	src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	fix #1680
CVE 2017 15095_3.patch \| (download)	src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java \| 11 10 + 1 - 0 ! src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java \| 94 89 + 5 - 0 ! 2 files changed, 99 insertions(+), 6 deletions(-)	fix #1737
CVE 2018 5968.patch \| (download)	src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java \| 3 3 + 0 - 0 ! 1 file changed, 3 insertions(+)	cve-2018-5968 Bug-Debian: https://bugs.debian.org/888316 Bug-Upstream: https://github.com/FasterXML/jackson-databind/issues/1899
CVE 2017 17485.patch \| (download)	src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java \| 38 32 + 6 - 0 ! 1 file changed, 32 insertions(+), 6 deletions(-)	cve-2017-17485 Bug-Debian: https://bugs.debian.org/888318 Bug-Upstream: https://github.com/FasterXML/jackson-databind/issues/1855
CVE 2018 7489.patch \| (download)	src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java \| 16 14 + 2 - 0 ! 1 file changed, 14 insertions(+), 2 deletions(-)	cve-2018-7489 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891614
CVE 2018 11307.patch \| (download)	src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	cve-2018-11307 Bug-Upstream: https://github.com/FasterXML/jackson-databind/issues/2032
CVE 2018 12022.patch \| (download)	src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java \| 6 6 + 0 - 0 ! 1 file changed, 6 insertions(+)	cve-2018-12022 This is also the fix for CVE-2018-12023. Bug-Upstream: https://github.com/FasterXML/jackson-databind/issues/2052
CVE 2018 14718.patch \| (download)	src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java \| 6 6 + 0 - 0 ! 1 file changed, 6 insertions(+)	cve-2018-14718 This is also the fix for CVE-2018-14719, CVE-2018-14720, CVE-2018-14721. Bug-Upstream: https://github.com/FasterXML/jackson-databind/issues/2097
CVE 2018 19360.patch \| (download)	src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java \| 6 6 + 0 - 0 ! 1 file changed, 6 insertions(+)	cve-2018-19360 This is also the fix for CVE-2018-19361 and CVE-2018-19362. Bug-Upstream: https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
CVE 2019 12086.patch \| (download)	src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java \| 3 3 + 0 - 0 ! 1 file changed, 3 insertions(+)	cve-2019-12086 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929177 Bug-Upstream: https://github.com/FasterXML/jackson-databind/issues/2326
polymorphic typing issues.patch \| (download)	src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java \| 33 33 + 0 - 0 ! 1 file changed, 33 insertions(+)	polymorphic typing issues This is the fix for CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943
multiple CVE BeanDeserializerFactory.patch \| (download)	src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java \| 109 96 + 13 - 0 ! 1 file changed, 96 insertions(+), 13 deletions(-)	multiple cve beandeserializerfactory This is the fix for CVE-2020-9548, CVE-2020-9547, CVE-2020-9546, CVE-2020-8840, CVE-2020-14195, CVE-2020-14062, CVE-2020-14061, CVE-2020-14060, CVE-2020-11620, CVE-2020-11619, CVE-2020-11113, CVE-2020-11112, CVE-2020-11111, CVE-2020-10969, CVE-2020-10968, CVE-2020-10673, CVE-2020-10672, CVE-2019-20330, CVE-2019-17531 and CVE-2019-17267.

1