UbuntuUpdates.org

Package "libjackson-json-java"

Name: libjackson-json-java

Description:

streaming fast powerful standard conformant json processor in java
Latest version: 1.9.2-7ubuntu0.2
Release: xenial (16.04)
Level: security
Repository: universe
Homepage: http://jackson.codehaus.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libjackson-json-java"

All arch deb package
APT INSTALL

Other versions of "libjackson-json-java" in Xenial

Repository Area Version
base universe 1.9.2-7
updates universe 1.9.2-7ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.9.2-7ubuntu0.2 2021-02-18 21:06:15 UTC

  libjackson-json-java (1.9.2-7ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Improper input sanitization
    - debian/patches/CVE-2017-15095.patch: Fix deserialization.
    - debian/patches/CVE-2017-7525.patch: Backport all known security
      fixes from 2.x that were missing, related to public CVEs.
    - debian/patches/CVE-2019-10172_1.patch: Set Secure Processing
      flag on DocumentBuilderFactory.
    - d/p/CVE-2019-10172_2.patch: setExpandEntityReferences(false).
    - CVE-2017-7525
    - CVE-2017-15095
    - CVE-2019-10172

 -- Paulo Flabiano Smorigo <email address hidden> Thu, 18 Feb 2021 14:04:33 +0000
CVE-2017-15095 A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perfo
CVE-2017-7525 A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user
CVE-2019-10172 A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects c


About   -   Send Feedback to @ubuntu_updates