Your message dated Fri, 04 Apr 2025 09:34:25 +0000
with message-id <e1u0drr-002obv...@fasolo.debian.org>
and subject line Bug#983664: fixed in jackson-dataformat-cbor 2.7.8-5.1
has caused the Debian Bug report #983664,
regarding jackson-dataformat-cbor: CVE-2020-28491
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
983664: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983664
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jackson-dataformat-cbor
Version: 2.7.8-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/FasterXML/jackson-dataformats-binary/issues/186
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for jackson-dataformat-cbor.
CVE-2020-28491[0]:
| This affects the package
| com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and
| before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation
| of byte buffer can cause a java.lang.OutOfMemoryError exception.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-28491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28491
[1] https://github.com/FasterXML/jackson-dataformats-binary/issues/186
[2] https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6
[3] https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: jackson-dataformat-cbor
Source-Version: 2.7.8-5.1
Done: Bastian Germann <b...@debian.org>
We believe that the bug you reported is fixed in the latest version of
jackson-dataformat-cbor, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 983...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Germann <b...@debian.org> (supplier of updated jackson-dataformat-cbor
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 04 Apr 2025 08:32:50 +0200
Source: jackson-dataformat-cbor
Architecture: source
Version: 2.7.8-5.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Bastian Germann <b...@debian.org>
Closes: 983664
Changes:
jackson-dataformat-cbor (2.7.8-5.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Backport fix for CVE-2020-28491. (Closes: #983664)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---