Bug#760733: libspring-java: CVE-2014-0225

2014-11-26 Thread Emmanuel Bourg
On 26/11/2014 12:41, Moritz Muehlenhoff wrote:
> I didn't look into the specific issue, but Red Hat Bugzilla has
> references to isolated patches?
>
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0225

I don't know why the title of the mail refers to CVE-2014-0225, but the bug #760733

Bug#760733: libspring-java: CVE-2014-0225

2014-11-26 Thread Moritz Muehlenhoff
On Wed, Nov 26, 2014 at 12:40:37PM +0100, Emmanuel Bourg wrote:
> I've been investigating this issue as well. I contacted an upstream
> developer and it seems the actual fix for this issue is unknown. The
> version 3.2.0 was just reported as not vulnerable by the security
> researcher who discovere

Bug#760733: libspring-java: CVE-2014-0225

2014-11-26 Thread Emmanuel Bourg
I've been investigating this issue as well. I contacted an upstream developer and it seems the actual fix for this issue is unknown. The version 3.2.0 was just reported as not vulnerable by the security researcher who discovered this issue. I can prepare an upgrade to the latest 3.2.x version but

Bug#760733: libspring-java: CVE-2014-0225

2014-11-26 Thread Stephen Nelson
On 26 Nov 2014 10:45, "Raphael Hertzog" wrote:
>
> Hello Stephen,
>
> On Mon, 08 Sep 2014, Stephen Nelson wrote:
> > > For what it's worth, CVE-2014-3578 was assigned to a directory traversal
> > > vulnerability in libspring-java
> > > ( http://www.pivotal.io/security/cve-2014-3578)
> >
> > Thanks

Bug#760733: libspring-java: CVE-2014-0225

2014-11-26 Thread Raphael Hertzog
Hello Stephen,

On Mon, 08 Sep 2014, Stephen Nelson wrote:
> > For what it's worth, CVE-2014-3578 was assigned to a directory traversal
> > vulnerability in libspring-java
> > ( http://www.pivotal.io/security/cve-2014-3578)
>
> Thanks for letting us know about this one. I've had a quick look and it

Bug#760733: libspring-java: CVE-2014-0225

2014-09-07 Thread Yves-Alexis Perez
On Sat, 2014-09-06 at 21:38 -0700, tony mancill wrote:
> On 09/06/2014 11:36 AM, Salvatore Bonaccorso wrote:
> > Hi Tony,
> >
> > On Sat, Sep 06, 2014 at 08:50:24AM -0700, tony mancill wrote:
> >> On Wed, 02 Jul 2014 10:36:55 +0200 Moritz Muehlenhoff
> >> wrote:
> >>> Package: libspring-java
> >