jackson-databind (2.4.2-2+deb8u4) jessie-security; urgency=high

  * Team upload.
  * Fix CVE-2018-7489: allows unauthenticated remote code execution because
    of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is
    exploitable by sending maliciously crafted JSON input to the readValue
    method of the ObjectMapper, bypassing a blacklist that is ineffective if
    the c3p0 libraries are available in the classpath. (Closes: #891614)

 -- Markus Koschany  Tue, 01 May 2018 19:20:38 +0200

jackson-databind (2.4.2-2+deb8u3) jessie-security; urgency=high

  * Team upload.
  * Fix CVE-2017-17485 and CVE-2018-5968: Bypass of deserialization
    blacklist to disallow unauthenticated remote code execution. These CVE
    exist due to an incomplete fix for CVE-2017-7525.
    (Closes: #888316, #888318)

 -- Markus Koschany  Sat, 27 Jan 2018 19:37:47 +0100

jackson-databind (2.4.2-2+deb8u2) jessie-security; urgency=high

  * Team upload
  * CVE-2017-15095: incomplete fixes for CVE-2017-7525

 -- Sebastien Delafond  Thu, 16 Nov 2017 09:13:27 +0100

jackson-databind (2.4.2-2+deb8u1) jessie-security; urgency=high

  * Team upload.
  * Fix CVE-2017-7525: Deserialization vulnerability via readValue method of
    ObjectMapper. (Closes: #870848)

 -- Markus Koschany  Thu, 19 Oct 2017 01:44:42 +0200

jackson-databind (2.4.2-2) unstable; urgency=medium

  * Team upload.
  * Build depend on libcglib3-java instead of libcglib-java
  * Standards-Version updated to 3.9.6 (no changes)
  * Removed the build dependency on libmaven-cobertura-plugin-java

 -- Emmanuel Bourg  Mon, 29 Sep 2014 16:30:49 +0200

jackson-databind (2.4.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * ignoreRules: Ignore replacer.
  * ignoreRules: Ignore release plugin.
  * control: Add libmaven-bundle-plugin to build-deps.
  * fix-using-bundle.diff: Use extensions with bundle plugin.
  * maven.{publishedR,r}ules: Fix version mangling.
  * control: Bump dependency on -core and -annotations.
  * properties: Set encoding to UTF-8.
  * control: Add libmaven-cobertura-plugin-java to build-depends.

 -- Timo Aaltonen  Wed, 24 Sep 2014 17:14:02 +0300

jackson-databind (2.2.2-2) unstable; urgency=low

  * Team upload.
  * Update Maven settings to use correct coordinates for Groovy 1.8.x.
    (Closes: #750267).
  * Bump Standards-Version to 3.9.5. No changes were required.

 -- Miguel Landaeta  Mon, 26 May 2014 14:53:06 -0300

jackson-databind (2.2.2-1) unstable; urgency=low

  * Initial release. (Closes: #720504)

 -- Wolodja Wentland  Thu, 22 Aug 2013 15:24:34 +0000