[Git][security-tracker-team/security-tracker][master] Reserve DLA-2635-1 for libspring-java
Sylvain Beucler
beuc at debian.org
Fri Apr 23 19:11:14 BST 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9268ea8f by Sylvain Beucler at 2021-04-23T20:10:48+02:00
Reserve DLA-2635-1 for libspring-java
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -174706,7 +174706,6 @@ CVE-2018-15757
REJECTED
CVE-2018-15756 (Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, version ...)
- libspring-java 4.3.21-1 (bug #911786)
- [stretch] - libspring-java <no-dsa> (Minor issue)
[jessie] - libspring-java <not-affected> (vulnerable code introduced in later version)
NOTE: https://pivotal.io/security/cve-2018-15756
NOTE: https://jira.spring.io/browse/SPR-17318?redirect=false
@@ -187358,7 +187357,6 @@ CVE-2018-11041 (Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0
NOT-FOR-US: Cloud Foundry
CVE-2018-11040 (Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3 ...)
- libspring-java 4.3.19-1
- [stretch] - libspring-java <no-dsa> (Minor issue)
[jessie] - libspring-java <not-affected> (Vulnerable code introduced later)
NOTE: https://pivotal.io/security/cve-2018-11040
NOTE: https://github.com/spring-projects/spring-framework/issues/21338
@@ -187366,7 +187364,6 @@ CVE-2018-11040 (Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior
NOTE: Introduced by https://github.com/spring-projects/spring-framework/commit/5dc27ee134d28c7b25d0f6d3e9059f80c95d4402 (v4.1)
CVE-2018-11039 (Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior ...)
- libspring-java 4.3.19-1
- [stretch] - libspring-java <no-dsa> (Minor issue)
[jessie] - libspring-java <no-dsa> (Minor issue)
NOTE: https://pivotal.io/security/cve-2018-11039
NOTE: https://jira.spring.io/si/jira.issueviews:issue-html/SPR-16836/SPR-16836.html
@@ -215455,7 +215452,6 @@ CVE-2018-1271 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 pr
NOTE: https://pivotal.io/security/cve-2018-1271
CVE-2018-1270 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...)
- libspring-java 4.3.19-1 (bug #895114)
- [stretch] - libspring-java <no-dsa> (Minor issue)
[jessie] - libspring-java <not-affected> (Vulnerable code not present)
[wheezy] - libspring-java <not-affected> (Vulnerable code not present)
NOTE: Introduced by https://github.com/spring-projects/spring-framework/commit/b6327acec825aefadead62bd7825425b048b214c (v4.2.0)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[23 Apr 2021] DLA-2635-1 libspring-java - security update
+ {CVE-2018-1270 CVE-2018-11039 CVE-2018-11040 CVE-2018-15756}
+ [stretch] - libspring-java 4.3.5-1+deb9u1
[23 Apr 2021] DLA-2634-1 openjdk-8 - security update
{CVE-2021-2161 CVE-2021-2163}
[stretch] - openjdk-8 8u292-b10-0+deb9u1
=====================================
data/dla-needed.txt
=====================================
@@ -78,8 +78,6 @@ jackson-databind (Utkarsh)
--
jetty9
--
-libspring-java (Sylvain Beucler)
---
linux (Ben Hutchings)
--
linux-4.19 (Ben Hutchings)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9268ea8fbcf041c76689e71697110218a63236af
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9268ea8fbcf041c76689e71697110218a63236af
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210423/9c813703/attachment.htm>
More information about the debian-security-tracker-commits
mailing list