[Secure-testing-commits] r46142 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Nov 12 06:37:52 UTC 2016
Author: carnil
Date: 2016-11-12 06:37:52 +0000 (Sat, 12 Nov 2016)
New Revision: 46142
Modified:
data/CVE/list
Log:
Mark CVE-2016-5007 as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-12 06:35:12 UTC (rev 46141)
+++ data/CVE/list 2016-11-12 06:37:52 UTC (rev 46142)
@@ -14079,13 +14079,14 @@
CVE-2016-5007 [Spring Security / MVC Path Matching Inconsistency]
RESERVED
- libspring-java 4.3.2-1
+ [jessie] - libspring-java <no-dsa> (Minor issue)
[wheezy] - libspring-java <not-affected> (Vulnerable code not present)
NOTE: https://pivotal.io/security/cve-2016-5007
NOTE: https://github.com/spring-projects/spring-framework/commit/a30ab3 (v4.3.1.RELEASE)
NOTE: https://github.com/spring-projects/spring-security/commit/e4c13e
NOTE: Upstream bug: https://github.com/spring-projects/spring-security/issues/3964
NOTE: Mitigations exists in https://pivotal.io/security/cve-2016-5007
- TODO: check affected versions
+ NOTE: Other (already unsupported) versions are affected as well by the issue
CVE-2016-5006
RESERVED
CVE-2016-5005 (Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and ...)
More information about the Secure-testing-commits
mailing list