File _patchinfo of Package patchinfo.26428

<patchinfo incident="26428">
  <issue tracker="bnc" id="1204370">VUL-0: CVE-2022-42003: jackson-databind: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS</issue>
  <issue tracker="bnc" id="1204369">VUL-0: CVE-2022-42004: jackson-databind: jackson-databind: use of deeply nested arrays</issue>
  <issue tracker="cve" id="2022-42004"/>
  <issue tracker="cve" id="2022-42003"/>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for jackson-databind</summary>
  <description>This update for jackson-databind fixes the following issues:

  Update to version 2.13.4.2:

  - CVE-2022-42003: Fixed missing check in primitive value deserializers to avoid deep wrapper array nesting wrt 'UNWRAP_SINGLE_VALUE_ARRAYS' (bsc#1204370).
  - CVE-2022-42004: Fixed missing check in 'BeanDeserializer._deserializeFromArray()' to prevent use of deeply nested arrays (bsc#1204369).
</description>
</patchinfo>
Places

File _patchinfo of Package patchinfo.26428

Places
