Author: carnil
Date: 2016-11-12 06:35:12 +0000 (Sat, 12 Nov 2016)
New Revision: 46141
Modified:
data/CVE/list
Log:
Update information for CVE-2016-5007
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-12 06:10:28 UTC (rev 46140)
+++ data/CVE/list 2016-11-12 06:35:12 UTC (rev 46141)
@@ -14078,10 +14078,10 @@
NOTE: http://security.libvirt.org/2016/0001.html
CVE-2016-5007 [Spring Security / MVC Path Matching Inconsistency]
RESERVED
- - libspring-java <unfixed>
+ - libspring-java 4.3.2-1
[wheezy] - libspring-java <not-affected> (Vulnerable code not present)
NOTE: https://pivotal.io/security/cve-2016-5007
- NOTE: https://github.com/spring-projects/spring-framework/commit/a30ab3
+ NOTE: https://github.com/spring-projects/spring-framework/commit/a30ab3
(v4.3.1.RELEASE)
NOTE: https://github.com/spring-projects/spring-security/commit/e4c13e
NOTE: Upstream bug:
https://github.com/spring-projects/spring-security/issues/3964
NOTE: Mitigations exists in https://pivotal.io/security/cve-2016-5007
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
