anacron (2.3-28) unstable; urgency=medium . * QA upload. * Clean up obsolete conffile /etc/apm/event.d/anacron on upgrades. (Closes: #915664) cargo (0.33.0-3) unstable; urgency=medium . * Drop patch to capture rustc error output, it is unnecessary. * Add upstream patch to fix typenum bug. cargo (0.33.0-2) unstable; urgency=medium . * Add patch to capture rustc error output if extra-verbose. fastqc (0.11.8+dfsg-2) unstable; urgency=medium . * Team upload. . [ Jelmer Vernooij ] * Trim trailing whitespace. * Use secure copyright file specification URI. . [ Michael R. Crusoe ] * debian/fastqc.desktop: Update path to the icon. . [ Dylan Aïssi ] * Update d/patches/htsjdk-api.patch to fix processing of SAM/BAM files (Closes: #897109). Thanks to Chris Norman. jackson-databind (2.9.8-2) unstable; urgency=medium . * Team upload. * Fix CVE-2019-12086: A Polymorphic Typing issue was discovered in jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation. (Closes: #929177) ruby-devise (4.5.0-3) unstable; urgency=medium . * Team upload * Add patch to fix CVE-2019-5421 (Fixes: CVE-2019-5421) (Closes: #926348) rust-typenum (1.10.0-2) unstable; urgency=medium . * Team upload. * Package typenum 1.10.0 from crates.io using debcargo 2.2.10 * Add patch that fixes FTBFS on i386.