Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8cb15bda by Moritz Muehlenhoff at 2026-06-10T12:59:20+02:00
new libspring-security-2.0-java issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -238,27 +238,33 @@ CVE-2026-41714 (Applications that configure their broker 
connection via RabbitCo
 CVE-2026-41711 (Applications using Spring Data Commons may be vulnerable to a 
Denial o ...)
        NOT-FOR-US: VMware
 CVE-2026-41706 (Spring Security's CookieRequestCache and 
CookieServerRequestCache stor ...)
-       TODO: check
+       - libspring-security-2.0-java <removed>
+       NOTE: https://spring.io/security/cve-2026-41706
 CVE-2026-41701 (Correlation IDs for replies in the 
RabbitTemplate.sendAndReceive() wit ...)
        NOT-FOR-US: VMware
 CVE-2026-41697 (Spring Data Relational does not properly escape binding values 
of exte ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41696 (Spring Data MongoDB repository query methods annotated with 
@Query tha ...)
        NOT-FOR-US: VMware
 CVE-2026-41695 (Spring Data Commons applications may be vulnerable to denial 
of servic ...)
        NOT-FOR-US: VMware
 CVE-2026-41694 (Since Spring Security SAML decrypts SAML Responses as well as 
elements ...)
-       TODO: check
+       - libspring-security-2.0-java <removed>
+       NOTE: https://spring.io/security/cve-2026-41694
 CVE-2026-41008 (Spring Security Authorization Server's authorization endpoint 
performs ...)
-       TODO: check
+       - libspring-security-2.0-java <not-affected> (Only affects 7.x)
+       NOTE: https://spring.io/security/cve-2026-41008
 CVE-2026-41003 (An attacker able to influence values in 
RelyingPartyRegistration may b ...)
-       TODO: check
+       - libspring-security-2.0-java <removed>
+       NOTE: https://spring.io/security/cve-2026-41003
 CVE-2026-40993 (An attacker with write permissions to the database table 
managed by Jd ...)
-       TODO: check
+       - libspring-security-2.0-java <not-affected> (Only affects 7.x)
+       NOTE: https://spring.io/security/cve-2026-40993
 CVE-2026-40991 (When using spring-restdocs-webtestclient or 
spring-restdocs-restassure ...)
        NOT-FOR-US: VMware
 CVE-2026-40988 (An application using spring-security-saml2-service-provider 
and the RE ...)
-       TODO: check
+       - libspring-security-2.0-java <removed>
+       NOTE: https://spring.io/security/cve-2026-40988
 CVE-2026-3326 (The Xstore WordPress theme before 9.7.3 does not properly 
sanitise and ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-34713 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cb15bdaddcdce99ea82829bb789b5dbe585a5a4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cb15bdaddcdce99ea82829bb789b5dbe585a5a4
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to