Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7a470b1b by Sylvain Beucler at 2021-04-12T19:41:20+02:00
CVE-2016-5007/libspring-java: precision
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -282445,7 +282445,7 @@ CVE-2016-5008 (libvirt before 2.0.0 improperly
disables password checking when t
NOTE: http://security.libvirt.org/2016/0001.html
CVE-2016-5007 (Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring
Framework 3.2. ...)
- libspring-java 4.3.2-1
- [jessie] - libspring-java <no-dsa> (Minor issue)
+ [jessie] - libspring-java <ignored> (Minor issue, no rdeps using both
spring-framework and spring-security, trimTokens mitigation not present in
3.0.x)
[wheezy] - libspring-java <not-affected> (Vulnerable code not present)
NOTE: https://pivotal.io/security/cve-2016-5007
NOTE:
https://github.com/spring-projects/spring-framework/commit/a30ab30
(v4.3.1.RELEASE)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a470b1b9315200b18d7d8192e91c7ea124130b3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a470b1b9315200b18d7d8192e91c7ea124130b3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
