[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: triage CVE-2020-5398/libspring-java for jessie
Roberto C. Sánchez
roberto at debian.org
Wed Feb 26 22:42:02 GMT 2020
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a805c476 by Roberto C. Sánchez at 2020-02-26T17:41:15-05:00
LTS: triage CVE-2020-5398/libspring-java for jessie
- - - - -
e41ac9d1 by Roberto C. Sánchez at 2020-02-26T17:41:17-05:00
LTS: remove libspring-java from dla-needed.txt, no open vulnerabilities
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -8951,6 +8951,7 @@ CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a My
NOT-FOR-US: Cloud Foundry CredHub
CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...)
- libspring-java <unfixed>
+ [jessie] - libspring-java <not-affected> (Vulnerable code not present)
NOTE: https://pivotal.io/security/cve-2020-5398
NOTE: https://github.com/spring-projects/spring-framework/issues/24220
NOTE: https://github.com/spring-projects/spring-framework/commit/41f40c6c229d3b4f768718f1ec229d8f0ad76d76
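Review bot: The justification on the added `[jessie]` line, "(Vulnerable code not present)", does not say what was checked to reach that conclusion. The fix commit is already linked in the NOTE lines below it, so consider adding one more NOTE that names the code the fix touches and states that it is absent from the jessie source. That lets the next person verify the `<not-affected>` status without repeating the investigation. The unsuffixed `- libspring-java <unfixed>` line is left as is, which looks right since only jessie was assessed here.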
=====================================
data/dla-needed.txt
=====================================
@@ -40,11 +40,6 @@ libmatio (Adrian Bunk)
--
libmtp (Dylan Aïssi)
--
-libspring-java (Roberto C. Sánchez)
- NOTE: Not fully triaged. What remains is to check whether jessie code is vulnerable
- NOTE: and what the effect really is. Ola plan to do that later today but if someone
- NOTE: with more knowledge about this framework have the time feel free to continue.
---
linux (Ben Hutchings)
--
linux-4.9 (Ben Hutchings)
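Review bot: The removed entry's NOTE lists two open questions, "whether jessie code is vulnerable" and "what the effect really is", and the commit message closes it with "no open vulnerabilities" without naming the CVE that was resolved. Only CVE-2020-5398 is triaged in the accompanying data/CVE/list change, so it would help to reference that CVE in this commit message. Then the removal can be traced to the `<not-affected>` decision from the history of dla-needed.txt alone.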
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dc095988f379e957b22dac56443a1106e95cceea...e41ac9d1fb56bf7586db4d14a4ba08014f993109