[Git][security-tracker-team/security-tracker][master] new spring issues, spring NFUs

Moritz Muehlenhoff jmm at debian.org
Wed May 16 11:17:10 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dfdc7c4f by Moritz Muehlenhoff at 2018-05-16T12:16:41+02:00
new spring issues, spring NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -26745,17 +26745,19 @@ CVE-2018-1263 (Addresses partial fix in CVE-2018-1261. Pivotal ...)
 CVE-2018-1262 (Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a ...)
 	TODO: check
 CVE-2018-1261 (Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary ...)
-	TODO: check
+	NOT-FOR-US: Spring-integration-zip
 CVE-2018-1260 (Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to ...)
-	TODO: check
+	NOT-FOR-US: Spring Security OAuth
 CVE-2018-1259 (Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to ...)
-	TODO: check
+	NOT-FOR-US: Spring Data Commons
 CVE-2018-1258 (Spring Security in combination with Spring Framework versions prior to ...)
-	TODO: check
+	- libspring-security-2.0-java <removed>
+	NOTE: https://pivotal.io/security/cve-2018-1258
 CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior ...)
-	TODO: check
+	- libspring-java <unfixed>
+	NOTE: https://pivotal.io/security/cve-2018-1257
 CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a regression which ...)
-	TODO: check
+	NOT-FOR-US: Spring Cloud SSO Connector
 CVE-2018-1255
 	RESERVED
 CVE-2018-1254



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dfdc7c4fddbd9803f332d7f3cff69e3c7b41b5fd

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dfdc7c4fddbd9803f332d7f3cff69e3c7b41b5fd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180516/8901e934/attachment.html>


More information about the debian-security-tracker-commits mailing list