[Git][security-tracker-team/security-tracker][master] Three more libspring-java issues were already fixed in unstable

Salvatore Bonaccorso carnil at debian.org
Tue Jan 1 13:35:05 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6abd9bd3 by Salvatore Bonaccorso at 2019-01-01T13:34:49Z
Three more libspring-java issues were already fixed in unstable

CVE-2018-11039, CVE-2018-11040 and CVE-2018-1257 were already fixed
upstream in 4.3.18 and 4.3.17 respectively so the 4.3.19-1 upload in
unstable did contain the fixes already.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31786,11 +31786,11 @@ CVE-2018-11042
 CVE-2018-11041 (Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2018-11040 (Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to ...)
-	- libspring-java <unfixed>
+	- libspring-java 4.3.19-1
 	[jessie] - libspring-java <no-dsa> (unable to find relevant commits)
 	NOTE: https://pivotal.io/security/cve-2018-11040
 CVE-2018-11039 (Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior ...)
-	- libspring-java <unfixed>
+	- libspring-java 4.3.19-1
 	[jessie] - libspring-java <no-dsa> (Minor issue)
 	NOTE: https://pivotal.io/security/cve-2018-11039
 CVE-2017-18270 (In the Linux kernel before 4.13.5, a local user could create keyrings ...)
@@ -59883,7 +59883,7 @@ CVE-2018-1258 (Spring Framework version 5.0.5 when used in combination with any
 	[jessie] - libspring-security-2.0-java <not-affected> (Affected version not in jessie)
 	NOTE: https://pivotal.io/security/cve-2018-1258
 CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior ...)
-	- libspring-java <unfixed>
+	- libspring-java 4.3.19-1
 	[jessie] - libspring-java <no-dsa> (hard to find upstream commits regarding this)
 	NOTE: https://pivotal.io/security/cve-2018-1257
 CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a regression which ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6abd9bd30876901df0aed1e3d9f6607423567db4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6abd9bd30876901df0aed1e3d9f6607423567db4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190101/28a6513d/attachment.html>


More information about the debian-security-tracker-commits mailing list