[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add information for CVE-2018-1275 and CVE-2018-1270

Tue Apr 10 07:29:24 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7868d57 by Salvatore Bonaccorso at 2018-04-10T08:29:02+02:00
Add information for CVE-2018-1275 and CVE-2018-1270

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -23026,8 +23026,10 @@ CVE-2018-1277
 	RESERVED
 CVE-2018-1276
 	RESERVED
-CVE-2018-1275
+CVE-2018-1275 [Address partial fix for CVE-2018-1270]
 	RESERVED
+	- libspring-java <not-affected> (Partial fix for CVE-2018-1270 not applied)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1565307
 CVE-2018-1274
 	RESERVED
 CVE-2018-1273
@@ -23041,6 +23043,8 @@ CVE-2018-1271 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 pr
 CVE-2018-1270 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior ...)
 	- libspring-java <unfixed> (bug #895114)
 	NOTE: https://pivotal.io/security/cve-2018-1270
+	NOTE: when addressing this issue make sure to not only apply a partial fix but
+	NOTE: make it complete, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1565307
 CVE-2018-1269
 	RESERVED
 CVE-2018-1268



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a7868d578982d645a2f793de021c7af25c08e34d

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a7868d578982d645a2f793de021c7af25c08e34d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180410/60c6b6f3/attachment.html>
