Version in base suite: 2.14.0-1 Base version: jackson-databind_2.14.0-1 Target version: jackson-databind_2.14.0-1+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/j/jackson-databind/jackson-databind_2.14.0-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/j/jackson-databind/jackson-databind_2.14.0-1+deb12u1.dsc changelog | 6 ++++++ patches/CVE-2025-52999.patch | 39 +++++++++++++++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 46 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpyta3x5tx/jackson-databind_2.14.0-1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpyta3x5tx/jackson-databind_2.14.0-1+deb12u1.dsc: no acceptable signature found diff -Nru jackson-databind-2.14.0/debian/changelog jackson-databind-2.14.0/debian/changelog --- jackson-databind-2.14.0/debian/changelog 2022-11-11 22:19:39.000000000 +0000 +++ jackson-databind-2.14.0/debian/changelog 2026-06-10 18:15:49.000000000 +0000 @@ -1,3 +1,9 @@ +jackson-databind (2.14.0-1+deb12u1) bookworm-security; urgency=medium + + * Fix FTBFS due to changes in jackson-core and restore compatibility. + + -- Markus Koschany Wed, 10 Jun 2026 20:15:49 +0200 + jackson-databind (2.14.0-1) unstable; urgency=medium * New upstream version 2.14.0. diff -Nru jackson-databind-2.14.0/debian/patches/CVE-2025-52999.patch jackson-databind-2.14.0/debian/patches/CVE-2025-52999.patch --- jackson-databind-2.14.0/debian/patches/CVE-2025-52999.patch 1970-01-01 00:00:00.000000000 +0000 +++ jackson-databind-2.14.0/debian/patches/CVE-2025-52999.patch 2026-06-10 18:15:49.000000000 +0000 @@ -0,0 +1,39 @@ +From: Markus Koschany +Date: Sat, 6 Jun 2026 14:04:23 +0200 +Subject: CVE-2025-52999 + +Related to CVE-2025-52999.patch in jackson-core. Fixes a FTBFS. + +Bug-Debian: https://bugs.debian.org/1135410 +Forwarded: not-needed +--- + src/main/java/com/fasterxml/jackson/databind/ObjectMapper.java | 2 +- + src/main/java/com/fasterxml/jackson/databind/ObjectWriter.java | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/main/java/com/fasterxml/jackson/databind/ObjectMapper.java b/src/main/java/com/fasterxml/jackson/databind/ObjectMapper.java +index d16d83a..87a07ab 100644 +--- a/src/main/java/com/fasterxml/jackson/databind/ObjectMapper.java ++++ b/src/main/java/com/fasterxml/jackson/databind/ObjectMapper.java +@@ -3861,7 +3861,7 @@ public class ObjectMapper + * Note: prior to version 2.1, throws clause included {@link IOException}; 2.1 removed it. + */ + public String writeValueAsString(Object value) +- throws JsonProcessingException ++ throws JsonProcessingException, IOException + { + // alas, we have to pull the recycler directly here... + SegmentedStringWriter sw = new SegmentedStringWriter(_jsonFactory._getBufferRecycler()); +diff --git a/src/main/java/com/fasterxml/jackson/databind/ObjectWriter.java b/src/main/java/com/fasterxml/jackson/databind/ObjectWriter.java +index 744d17f..890b855 100644 +--- a/src/main/java/com/fasterxml/jackson/databind/ObjectWriter.java ++++ b/src/main/java/com/fasterxml/jackson/databind/ObjectWriter.java +@@ -1132,7 +1132,7 @@ public class ObjectWriter + * Note: prior to version 2.1, throws clause included {@link IOException}; 2.1 removed it. + */ + public String writeValueAsString(Object value) +- throws JsonProcessingException ++ throws JsonProcessingException, IOException + { + // alas, we have to pull the recycler directly here... + SegmentedStringWriter sw = new SegmentedStringWriter(_generatorFactory._getBufferRecycler()); diff -Nru jackson-databind-2.14.0/debian/patches/series jackson-databind-2.14.0/debian/patches/series --- jackson-databind-2.14.0/debian/patches/series 2022-11-11 22:19:39.000000000 +0000 +++ jackson-databind-2.14.0/debian/patches/series 2026-06-10 18:15:49.000000000 +0000 @@ -1 +1,2 @@ base-pom.patch +CVE-2025-52999.patch