[Secure-testing-commits] r46141 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-11-12 06:35:12 +0000 (Sat, 12 Nov 2016)
New Revision: 46141

Modified:
   data/CVE/list
Log:
Update information for CVE-2016-5007

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-12 06:10:28 UTC (rev 46140)
+++ data/CVE/list	2016-11-12 06:35:12 UTC (rev 46141)
@@ -14078,10 +14078,10 @@
 	NOTE: http://security.libvirt.org/2016/0001.html
 CVE-2016-5007 [Spring Security / MVC Path Matching Inconsistency]
 	RESERVED
-	- libspring-java <unfixed>
+	- libspring-java 4.3.2-1
 	[wheezy] - libspring-java <not-affected> (Vulnerable code not present)
 	NOTE: https://pivotal.io/security/cve-2016-5007
-	NOTE: https://github.com/spring-projects/spring-framework/commit/a30ab3
+	NOTE: https://github.com/spring-projects/spring-framework/commit/a30ab3 (v4.3.1.RELEASE)
 	NOTE: https://github.com/spring-projects/spring-security/commit/e4c13e
 	NOTE: Upstream bug: https://github.com/spring-projects/spring-security/issues/3964
 	NOTE: Mitigations exists in https://pivotal.io/security/cve-2016-5007