Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ba8fbe0b by Moritz Muehlenhoff at 2026-06-09T12:23:51+02:00
new spring issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -90,41 +90,76 @@ CVE-2026-41978 (Permission control vulnerability in the
clone module.Impact: Suc
CVE-2026-41975 (Permission management vulnerability in the network management
module.I ...)
NOT-FOR-US: Huawei
CVE-2026-41855 (In an untrusted JMS environment,
org.springframework.jms.support.conve ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41855
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41854 (Due to incorrect host parsing, applications that rely on
UriComponents ...)
- TODO: check
+ - libspring-java <not-affected> (Only affects Spring 6 and later)
+ NOTE: https://spring.io/security/cve-2026-41854
CVE-2026-41853 (Spring MVC and WebFlux applications are vulnerable to
Multipart reques ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41853
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41852 (A vulnerability in Spring Expression Language (SpEL)
evaluation logic ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41852
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41851 (Applications which accept user-supplied Spring Expression
Language (Sp ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41851
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41850 (Applications that evaluate user-supplied Spring Expression
Language (S ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41850
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41849 (An integer overflow vulnerability exists in the evaluation
logic of th ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41849
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41848 (Applications may be vulnerable to a Regular Expression Denial
of Servi ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41848
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41847 (Spring WebFlux applications may be vulnerable to a security
bypass whe ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41847
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41846 (Spring MVC applications which accept user-supplied values in
the cssCl ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41846
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41845 (Due to incorrect escaping, the use of
JavaScriptUtils.javaScriptEscape ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41845
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41844 (A Spring MVC or Spring WebFlux application which configures a
mapping ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41844
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41843 (Spring MVC and WebFlux applications are vulnerable to Path
Traversal a ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41843
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41842 (Spring MVC and WebFlux applications are vulnerable to Denial
of Servic ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41842
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41841 (Spring MVC and WebFlux applications are vulnerable to
Information Disc ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41841
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41840 (Spring WebFlux applications are vulnerable to Denial of
Service (DoS) ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41840
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41839 (A WebFlux application with a compromised subdomain (for
example, compr ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41839
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41838 (IDs for WebSocket sessions in the spring-websocket module are
not cryp ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2026-41838
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2026-41720 (Spring LDAP's DirContextAuthenticationStrategy implementations
do not ...)
TODO: check
CVE-2026-41715 (In specific scenarios involving HTTP redirects from a secure
to an ins ...)
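Review bot: The `<unfixed> (unimportant)` entries added for CVE-2026-41855 and for CVE-2026-41853 through CVE-2026-41838 carry only the advisory URL and the README.Debian.security pointer, so nothing in the list records which upstream versions are affected or fixed. CVE-2026-41854 states its reason inline ("Only affects Spring 6 and later"); the others would benefit from an extra NOTE line each giving the upstream fixed version or commit where the advisory names one, so the status can be rechecked when libspring-java is next updated. Also, CVE-2026-41720 (Spring LDAP) in the trailing context is still at "TODO: check"; if it is meant to be part of this batch of Spring issues it needs its own triage, otherwise leaving it for a later commit is fine.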
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba8fbe0b3c3191b7a034c6117ea01a471d1de114