[Secure-testing-commits] r17988 - data/CVE

Luk Claes luk at alioth.debian.org
Mon Jan 2 06:47:16 UTC 2012


Author: luk
Date: 2012-01-02 06:47:15 +0000 (Mon, 02 Jan 2012)
New Revision: 17988

Modified:
   data/CVE/list
Log:
confirmed libspring-2.5-java not affected

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-02 06:39:26 UTC (rev 17987)
+++ data/CVE/list	2012-01-02 06:47:15 UTC (rev 17988)
@@ -22658,8 +22658,7 @@
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in Struts ...)
 	- libstruts1.2-java <not-affected> (issue involves a problem in xwork, which was introduced in struts2)
-	- libspring-2.5-java <undetermined>
-	TODO: check
+	- libspring-2.5-java <not-affected> (Vulnerable code not present)
 CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript 8.70 ...)
 	{DSA-2080-1}
 	- ghostscript 8.71~dfsg-4 




More information about the Secure-testing-commits mailing list