Hi Salvatore,

On 01.10.19 at 22:34, Salvatore Bonaccorso wrote:
> Source: jackson-databind
> Version: 2.10.0-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> Forwarded: https://github.com/FasterXML/jackson-databind/issues/2478
> Control: found -1 2.9.8-3
> Control: found -1 2.8.6-1+deb9u5
> Control: found -1 2.8.6-1
>
> Hi,
>
> Tony, Markus, As it was already expected ;-). Upstream, whilst it
> affects as well 2.10.0, seemingly is not considering doing an update
> for 2.10 specifically but have fixed this one as well for older
> versions. Previous point, that this is just going to start to be silly
> upholds.
>
> That said, let's follow with the usual information:
>
> The following vulnerabilities were published for jackson-databind.

[...]

First of all, thank you very much for taking care of reporting these issues. Please let me know if you think this is a DSA-worthy issue. Otherwise I will just ask the release team for an update. Personally I believe we can treat that as an important issue from now on.

Cheers,

Markus