Debian Bug report logs - #987489
buster-pu: package jackson-databind/2.9.8-3+deb10u3
Reported by: Utkarsh Gupta <utkarsh@debian.org>
Date: Sat, 24 Apr 2021 14:42:01 UTC
Severity: normal
Tags: buster
Fixed in version release.debian.org/10.10
Done: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Bug is archived. No further changes may be made.
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, apo@debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#987489; Package release.debian.org.
(Sat, 24 Apr 2021 14:42:03 GMT).
Acknowledgement sent
to Utkarsh Gupta <utkarsh@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, apo@debian.org, Debian Release Team <debian-release@lists.debian.org>.
(Sat, 24 Apr 2021 14:42:03 GMT).
Message #5 received at submit@bugs.debian.org:
Package: release.debian.org
User: release.debian.org@packages.debian.org
X-Debbugs-Cc: team@security.debian.org, apo@debian.org
Usertags: pu bsp-2021-04-AT-Salzburg
Tags: buster
Severity: normal
Hello,
src:jackson-databind has been affected by 18 CVEs which are fixed in
unstable and bullseye (and also jessie). Therefore, I'd like them to
be fixed in buster as well. And hence this pu update.
The debdiff is duly attached. Let me know if you need any more information. TIA!
- u
[jackson-databind-buster.debdiff (application/octet-stream, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#987489; Package release.debian.org.
(Mon, 03 May 2021 18:09:02 GMT).
Acknowledgement sent
to Adam D Barratt <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>.
(Mon, 03 May 2021 18:09:02 GMT).
Message #10 received at 987489@bugs.debian.org:
package release.debian.org
tags 987489 = buster pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster.
Thanks for your contribution!
Upload details
==============
Package: jackson-databind
Version: 2.9.8-3+deb10u3
Explanation: fix external entity expansion issue [CVE-2020-25649] and several serialization-related issues [CVE-2020-24616 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-20190]
Added tag(s) pending.
Request was from Adam D Barratt <adam@adam-barratt.org.uk>
to control@bugs.debian.org.
(Mon, 03 May 2021 18:09:11 GMT).
Message sent on
to Utkarsh Gupta <utkarsh@debian.org>:
Bug#987489.
(Mon, 03 May 2021 18:09:15 GMT).
Reply sent
to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
You have taken responsibility.
(Sat, 19 Jun 2021 10:00:36 GMT).
Notification sent
to Utkarsh Gupta <utkarsh@debian.org>:
Bug acknowledged by developer.
(Sat, 19 Jun 2021 10:00:36 GMT).
Message #20 received at 987489-done@bugs.debian.org:
Package: release.debian.org
Version: 10.10
Hi,
Each of the updates referenced in these bugs was included in the 10.10
point release today.
Regards,
Adam
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 18 Jul 2021 07:30:01 GMT).
Last modified: Sun Oct 8 03:09:27 2023