Debian Linux Security Advisory 4190-1 - It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing because of an incomplete fix for CVE-2017-7525.
1090563f3dea361b89c7b318f5116822254650fbc24a52bdbe7a40672715bf18