Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8cb15bda by Moritz Muehlenhoff at 2026-06-10T12:59:20+02:00
new libspring-security-2.0-java issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -238,27 +238,33 @@ CVE-2026-41714 (Applications that configure their broker
connection via RabbitCo
CVE-2026-41711 (Applications using Spring Data Commons may be vulnerable to a
Denial o ...)
NOT-FOR-US: VMware
CVE-2026-41706 (Spring Security's CookieRequestCache and
CookieServerRequestCache stor ...)
- TODO: check
+ - libspring-security-2.0-java <removed>
+ NOTE: https://spring.io/security/cve-2026-41706
CVE-2026-41701 (Correlation IDs for replies in the
RabbitTemplate.sendAndReceive() wit ...)
NOT-FOR-US: VMware
CVE-2026-41697 (Spring Data Relational does not properly escape binding values
of exte ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41696 (Spring Data MongoDB repository query methods annotated with
@Query tha ...)
NOT-FOR-US: VMware
CVE-2026-41695 (Spring Data Commons applications may be vulnerable to denial
of servic ...)
NOT-FOR-US: VMware
CVE-2026-41694 (Since Spring Security SAML decrypts SAML Responses as well as
elements ...)
- TODO: check
+ - libspring-security-2.0-java <removed>
+ NOTE: https://spring.io/security/cve-2026-41694
CVE-2026-41008 (Spring Security Authorization Server's authorization endpoint
performs ...)
- TODO: check
+ - libspring-security-2.0-java <not-affected> (Only affects 7.x)
+ NOTE: https://spring.io/security/cve-2026-41008
CVE-2026-41003 (An attacker able to influence values in
RelyingPartyRegistration may b ...)
- TODO: check
+ - libspring-security-2.0-java <removed>
+ NOTE: https://spring.io/security/cve-2026-41003
CVE-2026-40993 (An attacker with write permissions to the database table
managed by Jd ...)
- TODO: check
+ - libspring-security-2.0-java <not-affected> (Only affects 7.x)
+ NOTE: https://spring.io/security/cve-2026-40993
CVE-2026-40991 (When using spring-restdocs-webtestclient or
spring-restdocs-restassure ...)
NOT-FOR-US: VMware
CVE-2026-40988 (An application using spring-security-saml2-service-provider
and the RE ...)
- TODO: check
+ - libspring-security-2.0-java <removed>
+ NOTE: https://spring.io/security/cve-2026-40988
CVE-2026-3326 (The Xstore WordPress theme before 9.7.3 does not properly
sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2026-34713 (CAI Content Credentials versions [email protected], c2pa-v0.80.1
and earl ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cb15bdaddcdce99ea82829bb789b5dbe585a5a4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cb15bdaddcdce99ea82829bb789b5dbe585a5a4
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits