[Git][security-tracker-team/security-tracker][master] CVE-2019-11272/libspring-security-2.0-java: jessie triage

Fri Jul 5 10:20:28 BST 2019


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
457f274f by Sylvain Beucler at 2019-07-05T09:19:41Z
CVE-2019-11272/libspring-security-2.0-java: jessie triage

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5139,6 +5139,7 @@ CVE-2019-11273
 	RESERVED
 CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older unsupported ve ...)
 	- libspring-security-2.0-java <removed>
+	NOTE: https://github.com/spring-projects/spring-security/commit/b2d4fec3617c497c5a8eb9c7e5270e0c7db293ee
 CVE-2019-11271 (Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Di ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2019-11270


=====================================
data/dla-needed.txt
=====================================
@@ -78,6 +78,8 @@ libsdl2-image
 libspring-java (Roberto C. Sánchez)
   NOTE: 20190624: Three CVEs remain to be patched. (roberto)
 --
+libspring-security-2.0-java
+--
 libxslt
   NOTE: 20190701: the Security Team doesn't want us to mark when jessie was explicitely tested as unfixed, so writing it here (beuc)
   NOTE: 20190701: CVE-2019-13117: patch applies on jessie



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/457f274f6ee61d1eea3fdf572bf9e965c65c81dd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/457f274f6ee61d1eea3fdf572bf9e965c65c81dd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190705/694b9cd0/attachment-0001.html>
