[Git][security-tracker-team/security-tracker][master] CVE-2016-5007/libspring-java: precision
Sylvain Beucler
beuc at debian.org
Mon Apr 12 18:42:32 BST 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7a470b1b by Sylvain Beucler at 2021-04-12T19:41:20+02:00
CVE-2016-5007/libspring-java: precision
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -282445,7 +282445,7 @@ CVE-2016-5008 (libvirt before 2.0.0 improperly disables password checking when t
NOTE: http://security.libvirt.org/2016/0001.html
CVE-2016-5007 (Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2. ...)
- libspring-java 4.3.2-1
- [jessie] - libspring-java <no-dsa> (Minor issue)
+ [jessie] - libspring-java <ignored> (Minor issue, no rdeps using both spring-framework and spring-security, trimTokens mitigation not present in 3.0.x)
[wheezy] - libspring-java <not-affected> (Vulnerable code not present)
NOTE: https://pivotal.io/security/cve-2016-5007
NOTE: https://github.com/spring-projects/spring-framework/commit/a30ab30 (v4.3.1.RELEASE)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a470b1b9315200b18d7d8192e91c7ea124130b3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a470b1b9315200b18d7d8192e91c7ea124130b3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210412/81128ebd/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list