Hi,
Bringing to your kind notice a Debian Security Advisory notification:
Package : jackson-databind
As per the notification Details:
-------------------------------------------------------------------------
Debian Security Advisory DSA-4037-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
November 16, 2017                     https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : jackson-databind
CVE ID : CVE-2017-15095
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization.
For the old stable distribution (jessie), this problem has been fixed in version 2.4.2-2+deb8u2.
For the stable distribution (stretch), this problem has been fixed in version 2.8.6-1+deb9u2.
We recommend that you upgrade your jackson-databind packages.
BR, Suraj
jackson-databind-2.7.3.jar would also have the security vulnerability. Can you please check and confirm the impact?
Yes, thanks. Will check.
Also, can you please let me know the jackson-databind group ID?
Is it com.fasterxml.jackson.core, org.jenkins-ci.plugins, Debian or is it something else?