[Git][security-tracker-team/security-tracker][master] 2 commits: dla: add note author

Fri Apr 9 18:14:57 BST 2021


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de721ac3 by Sylvain Beucler at 2021-04-09T19:08:22+02:00
dla: add note author

- - - - -
9564020e by Sylvain Beucler at 2021-04-09T19:10:46+02:00
CVE-2018-1199: further spring-security info

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -212674,8 +212674,10 @@ CVE-2018-1199 (Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before
 	[stretch] - libspring-java <no-dsa> (Minor issue)
 	[wheezy] - libspring-java <ignored> (Too intrusive to fix by upgrade)
 	[jessie] - libspring-java <no-dsa> (fix for spring-security available but not for springframework)
+	- libspring-security-2.0-java <removed>
 	- libspring-security-java <itp> (bug #582181)
 	NOTE: https://pivotal.io/security/cve-2018-1199
+	NOTE: https://github.com/spring-projects/spring-security/commit/65da28e4bf62f58fb130ba727cbbd621b44a36d1 (spring-security 4.1.5)
 CVE-2018-1198 (Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser passw ...)
 	NOT-FOR-US: Pivotal Cloud Cache
 CVE-2018-1197 (In Windows Stemcells versions prior to 1200.14, apps running inside co ...)


=====================================
data/dla-needed.txt
=====================================
@@ -15,7 +15,7 @@ rather than remove/replace existing ones.
 --
 ansible
   NOTE: 20210322: As discussed with the maintainer I will update Buster first and
-  NOTE: 20210322: after that LTS. Will ask for a maintainer review later this week.
+  NOTE: 20210322: after that LTS. Will ask for a maintainer review later this week. (apo)
 --
 ceph
   NOTE: 20200707: Vulnerable to at least CVE-2018-14662. (lamby)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9057ad2505dc7a6693e8fff4cd6b09a84c2c3d24...9564020ede205cb189c0b298547b08ce1c454b0e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9057ad2505dc7a6693e8fff4cd6b09a84c2c3d24...9564020ede205cb189c0b298547b08ce1c454b0e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210409/cac1876c/attachment-0001.htm>
