[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-5408/libspring-security-2.0-java does not affect jessie

Roberto C. Sánchez roberto at debian.org
Mon May 18 20:46:12 BST 2020



Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
805dca98 by Roberto C. Sánchez at 2020-05-18T15:45:27-04:00
CVE-2020-5408/libspring-security-2.0-java does not affect jessie

- - - - -
2d61120e by Roberto C. Sánchez at 2020-05-18T15:46:01-04:00
LTS: remove libspring-security-2.0-java from dla-needed.txt, no open issues

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -19526,6 +19526,7 @@ CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows redirects
 	NOT-FOR-US: Pivotal
 CVE-2020-5408 (Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5 ...)
 	- libspring-security-2.0-java <removed>
+	[jessie] - libspring-security-2.0-java <not-affected> (Vulnerable code introduced later)
 CVE-2020-5407 (Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 ...)
 	- libspring-security-2.0-java <removed>
 	[jessie] - libspring-security-2.0-java <not-affected> (Vulnerable code introduced later)


=====================================
data/dla-needed.txt
=====================================
@@ -69,8 +69,6 @@ libmatio (Adrian Bunk)
   NOTE: 20190428: older changes seem to also be required for them
   NOTE: 20200518: work is ongoing (bunk)
 --
-libspring-security-2.0-java (Roberto C. Sánchez)
---
 linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/356df556c3ecc47dfb480e9dab732afa7f752bb5...2d61120ef593e7906648e12fc3a10ec781b30d01

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/356df556c3ecc47dfb480e9dab732afa7f752bb5...2d61120ef593e7906648e12fc3a10ec781b30d01
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200518/d161e8f0/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list