[SECURITY] [DLA 2091-1] libjackson-json-java security update


Package : libjackson-json-java Version : 1.9.2-3+deb8u1 CVE ID : CVE-2017-7525 CVE-2017-15095 CVE-2019-10172 Several vulnerabilities were fixed in libjackson-json-java. CVE-2017-7525 Jackson Deserializer security vulnerability. CVE-2017-15095 Block more JDK types from polymorphic deserialization. CVE-2019-10172 XML external entity vulnerabilities. For Debian 8 "Jessie", these problems have been fixed in version 1.9.2-3+deb8u1. We recommend that you upgrade your libjackson-json-java packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Affected Package

OS OS Version Package Name Package Version
Debian 8 jackson-databind 2.4.2-2+deb8u2
Debian 9 libjackson-json-java 1.9.2-8+deb9u1
Debian 8 libjackson2-databind-java 2.4.2-2+deb8u2
Debian 8 libjackson2-databind-java-doc 2.4.2-2+deb8u2
Debian 9 libjackson2-databind-java 2.8.6-1+deb9u1
Debian 9 libjackson2-databind-java 2.8.6-1+deb9u2
Debian 8 libjackson-json-java-doc 1.9.2-3+deb8u1
Debian 10 libjackson-json-java-doc 1.9.13-2~deb10u1
Debian 9 libjackson2-databind-java-doc 2.8.6-1+deb9u2
Debian 8 libjackson2-databind-java-doc 2.4.2-2+deb8u1
Debian 8 jackson-databind 2.4.2-2+deb8u1
Debian 9 jackson-databind 2.8.6-1+deb9u1
Debian 9 libjackson-json-java-doc 1.9.2-8+deb9u1
Debian 8 libjackson2-databind-java 2.4.2-2+deb8u1
Debian 9 libjackson2-databind-java-doc 2.8.6-1+deb9u1
Debian 10 libjackson-json-java 1.9.13-2~deb10u1
Debian 8 libjackson-json-java 1.9.2-3+deb8u1
Debian 9 jackson-databind 2.8.6-1+deb9u2