Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7a470b1b by Sylvain Beucler at 2021-04-12T19:41:20+02:00 CVE-2016-5007/libspring-java: precision - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -282445,7 +282445,7 @@ CVE-2016-5008 (libvirt before 2.0.0 improperly disables password checking when t NOTE: http://security.libvirt.org/2016/0001.html CVE-2016-5007 (Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2. ...) - libspring-java 4.3.2-1 - [jessie] - libspring-java <no-dsa> (Minor issue) + [jessie] - libspring-java <ignored> (Minor issue, no rdeps using both spring-framework and spring-security, trimTokens mitigation not present in 3.0.x) [wheezy] - libspring-java <not-affected> (Vulnerable code not present) NOTE: https://pivotal.io/security/cve-2016-5007 NOTE: https://github.com/spring-projects/spring-framework/commit/a30ab30 (v4.3.1.RELEASE) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a470b1b9315200b18d7d8192e91c7ea124130b3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a470b1b9315200b18d7d8192e91c7ea124130b3 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits