[Secure-testing-commits] r43101 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Jul 10 17:41:01 UTC 2016
Author: carnil
Date: 2016-07-10 17:41:01 +0000 (Sun, 10 Jul 2016)
New Revision: 43101
Modified:
data/CVE/list
Log:
Add CVE-2016-5007/libspring-java (unchecked, left TODO)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-10 17:36:27 UTC (rev 43100)
+++ data/CVE/list 2016-07-10 17:41:01 UTC (rev 43101)
@@ -3382,8 +3382,14 @@
NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bb848feec0f3f10e92dd8e5231ae7aa89b5598f3 (v2.0.0)
NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=f32441c69bf450d6ac593c3acd621c37e120cdaf (v1.2.9-maint)
NOTE: http://security.libvirt.org/2016/0001.html
-CVE-2016-5007
+CVE-2016-5007 [Spring Security / MVC Path Matching Inconsistency]
RESERVED
+ - libspring-java <unfixed>
+ NOTE: https://pivotal.io/security/cve-2016-5007
+ NOTE: https://github.com/spring-projects/spring-framework/commit/a30ab3
+ NOTE: https://github.com/spring-projects/spring-security/commit/e4c13e
+ NOTE: Upstream bug: https://github.com/spring-projects/spring-security/issues/3964
+ TODO: check affected versions
CVE-2016-5006
RESERVED
CVE-2016-5005
More information about the Secure-testing-commits
mailing list