——————————————————————————–
Fedora Update Notification
FEDORA-2016-d708261ce2
2016-05-16 14:06:57.684344
——————————————————————————–
Name : jackson-dataformat-xml
Product : Fedora 22
Version : 2.5.0
Release : 3.fc22
URL : http://wiki.fasterxml.com/JacksonExtensionXmlDataBinding
Summary : XML data binding extension for Jackson
Description :
Data format extension for Jackson (http://jackson.codehaus.org)
to offer alternative support for serializing POJOs as XML and
deserializing XML as POJOs. Support implemented on top of Stax API
(javax.xml.stream), by implementing core Jackson Streaming API types
like JsonGenerator, JsonParser and JsonFactory. Some data-binding types
overridden as well (ObjectMapper sub-classed as XmlMapper).
——————————————————————————–
Update Information:
Security fix for CVE-2016-3720
——————————————————————————–
References:
[ 1 ] Bug #1328427 – CVE-2016-3720 jackson-dataformat-xml: XmlMapper is vulnerable to XXE attack
https://bugzilla.redhat.com/show_bug.cgi?id=1328427
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update jackson-dataformat-xml’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org