I am uploading an NMU to fix this.
Please find the debdiff attached.
diff -Nru jackson-dataformat-cbor-2.7.8/debian/changelog jackson-dataformat-cbor-2.7.8/debian/changelog
--- jackson-dataformat-cbor-2.7.8/debian/changelog 2021-11-04 10:06:56.000000000 +0100
+++ jackson-dataformat-cbor-2.7.8/debian/changelog 2025-04-04 08:32:50.000000000 +0200
@@ -1,3 +1,10 @@
+jackson-dataformat-cbor (2.7.8-5.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Backport fix for CVE-2020-28491. (Closes: #983664)
+
+ -- Bastian Germann <
bage@debian.org> Fri, 04 Apr 2025 08:32:50 +0200
+
jackson-dataformat-cbor (2.7.8-5) unstable; urgency=medium
* Team upload.
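Review bot: The 2.7.8-5.1 entry's "Backport fix for CVE-2020-28491. (Closes: #983664)" line does not say what was added to the package. Consider naming the new file, debian/patches/CVE-2020-28491.diff, and the upstream commit it was taken from, so that someone auditing the changelog can tie the entry to the change without unpacking the source. Since the security fix is the only change in this upload, it is also worth confirming that urgency=medium is intended, because the urgency value determines how long the package waits before migrating to testing.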
diff -Nru jackson-dataformat-cbor-2.7.8/debian/patches/CVE-2020-28491.diff jackson-dataformat-cbor-2.7.8/debian/patches/CVE-2020-28491.diff
--- jackson-dataformat-cbor-2.7.8/debian/patches/CVE-2020-28491.diff 1970-01-01 01:00:00.000000000 +0100
+++ jackson-dataformat-cbor-2.7.8/debian/patches/CVE-2020-28491.diff 2025-04-04 08:32:50.000000000 +0200
@@ -0,0 +1,301 @@
+Origin: upstream, de072d314af8f5f269c8abec6930652af67bc8e6
+From: Tatu Saloranta <
tatu.saloranta@iki.fi>
+Date: Fri, 4 Dec 2020 16:27:55 -0800
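Review bot: The patch header's "Origin: upstream, de072d314af8f5f269c8abec6930652af67bc8e6" line gives only a bare commit hash. DEP-3 expects the Origin field to carry a URL to the original patch, which lets a reviewer compare the backport against the upstream commit directly; please replace the hash with the full commit URL. The lines shown here stop at the Date field, so also check that the header goes on to include a Subject or Description line and a Bug-Debian reference to #983664, and that the debdiff adds the new patch to debian/patches/series.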