[Git][security-tracker-team/security-tracker][master] Three more libspring-java issues were already fixed in unstable
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 1 13:35:05 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6abd9bd3 by Salvatore Bonaccorso at 2019-01-01T13:34:49Z
Three more libspring-java issues were already fixed in unstable
CVE-2018-11039, CVE-2018-11040 and CVE-2018-1257 were already fixed
upstream in 4.3.18 and 4.3.17 respectively so the 4.3.19-1 upload in
unstable did contain the fixes already.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31786,11 +31786,11 @@ CVE-2018-11042
CVE-2018-11041 (Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-11040 (Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to ...)
- - libspring-java <unfixed>
+ - libspring-java 4.3.19-1
[jessie] - libspring-java <no-dsa> (unable to find relevant commits)
NOTE: https://pivotal.io/security/cve-2018-11040
CVE-2018-11039 (Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior ...)
- - libspring-java <unfixed>
+ - libspring-java 4.3.19-1
[jessie] - libspring-java <no-dsa> (Minor issue)
NOTE: https://pivotal.io/security/cve-2018-11039
CVE-2017-18270 (In the Linux kernel before 4.13.5, a local user could create keyrings ...)
@@ -59883,7 +59883,7 @@ CVE-2018-1258 (Spring Framework version 5.0.5 when used in combination with any
[jessie] - libspring-security-2.0-java <not-affected> (Affected version not in jessie)
NOTE: https://pivotal.io/security/cve-2018-1258
CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior ...)
- - libspring-java <unfixed>
+ - libspring-java 4.3.19-1
[jessie] - libspring-java <no-dsa> (hard to find upstream commits regarding this)
NOTE: https://pivotal.io/security/cve-2018-1257
CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a regression which ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6abd9bd30876901df0aed1e3d9f6607423567db4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6abd9bd30876901df0aed1e3d9f6607423567db4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190101/28a6513d/attachment.html>
More information about the debian-security-tracker-commits
mailing list