[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 23 21:10:30 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
28ccad2f by security tracker role at 2021-04-23T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,321 @@
+CVE-2021-31776
+ RESERVED
+CVE-2021-31775
+ RESERVED
+CVE-2021-31774
+ RESERVED
+CVE-2021-31773
+ RESERVED
+CVE-2021-31772
+ RESERVED
+CVE-2021-31771
+ RESERVED
+CVE-2021-31770
+ RESERVED
+CVE-2021-31769
+ RESERVED
+CVE-2021-31768
+ RESERVED
+CVE-2021-31767
+ RESERVED
+CVE-2021-31766
+ RESERVED
+CVE-2021-31765
+ RESERVED
+CVE-2021-31764
+ RESERVED
+CVE-2021-31763
+ RESERVED
+CVE-2021-31762
+ RESERVED
+CVE-2021-31761
+ RESERVED
+CVE-2021-31760
+ RESERVED
+CVE-2021-31759
+ RESERVED
+CVE-2021-31758
+ RESERVED
+CVE-2021-31757
+ RESERVED
+CVE-2021-31756
+ RESERVED
+CVE-2021-31755
+ RESERVED
+CVE-2021-31754
+ RESERVED
+CVE-2021-31753
+ RESERVED
+CVE-2021-31752
+ RESERVED
+CVE-2021-31751
+ RESERVED
+CVE-2021-31750
+ RESERVED
+CVE-2021-31749
+ RESERVED
+CVE-2021-31748
+ RESERVED
+CVE-2021-31747
+ RESERVED
+CVE-2021-31746
+ RESERVED
+CVE-2021-31745
+ RESERVED
+CVE-2021-31744
+ RESERVED
+CVE-2021-31743
+ RESERVED
+CVE-2021-31742
+ RESERVED
+CVE-2021-31741
+ RESERVED
+CVE-2021-31740
+ RESERVED
+CVE-2021-31739
+ RESERVED
+CVE-2021-31738
+ RESERVED
+CVE-2021-31737
+ RESERVED
+CVE-2021-31736
+ RESERVED
+CVE-2021-31735
+ RESERVED
+CVE-2021-31734
+ RESERVED
+CVE-2021-31733
+ RESERVED
+CVE-2021-31732
+ RESERVED
+CVE-2021-31731
+ RESERVED
+CVE-2021-31730
+ RESERVED
+CVE-2021-31729
+ RESERVED
+CVE-2021-31728
+ RESERVED
+CVE-2021-31727
+ RESERVED
+CVE-2021-31726
+ RESERVED
+CVE-2021-31725
+ RESERVED
+CVE-2021-31724
+ RESERVED
+CVE-2021-31723
+ RESERVED
+CVE-2021-31722
+ RESERVED
+CVE-2021-31721
+ RESERVED
+CVE-2021-31720
+ RESERVED
+CVE-2021-31719
+ RESERVED
+CVE-2021-31718
+ RESERVED
+CVE-2021-31717
+ RESERVED
+CVE-2021-31716
+ RESERVED
+CVE-2021-31715
+ RESERVED
+CVE-2021-31714
+ RESERVED
+CVE-2021-31713
+ RESERVED
+CVE-2021-31712
+ RESERVED
+CVE-2021-31711
+ RESERVED
+CVE-2021-31710
+ RESERVED
+CVE-2021-31709
+ RESERVED
+CVE-2021-31708
+ RESERVED
+CVE-2021-31707
+ RESERVED
+CVE-2021-31706
+ RESERVED
+CVE-2021-31705
+ RESERVED
+CVE-2021-31704
+ RESERVED
+CVE-2021-31703
+ RESERVED
+CVE-2021-31702
+ RESERVED
+CVE-2021-31701
+ RESERVED
+CVE-2021-31700
+ RESERVED
+CVE-2021-31699
+ RESERVED
+CVE-2021-31698
+ RESERVED
+CVE-2021-31697
+ RESERVED
+CVE-2021-31696
+ RESERVED
+CVE-2021-31695
+ RESERVED
+CVE-2021-31694
+ RESERVED
+CVE-2021-31693
+ RESERVED
+CVE-2021-31692
+ RESERVED
+CVE-2021-31691
+ RESERVED
+CVE-2021-31690
+ RESERVED
+CVE-2021-31689
+ RESERVED
+CVE-2021-31688
+ RESERVED
+CVE-2021-31687
+ RESERVED
+CVE-2021-31686
+ RESERVED
+CVE-2021-31685
+ RESERVED
+CVE-2021-31684
+ RESERVED
+CVE-2021-31683
+ RESERVED
+CVE-2021-31682
+ RESERVED
+CVE-2021-31681
+ RESERVED
+CVE-2021-31680
+ RESERVED
+CVE-2021-31679
+ RESERVED
+CVE-2021-31678
+ RESERVED
+CVE-2021-31677
+ RESERVED
+CVE-2021-31676
+ RESERVED
+CVE-2021-31675
+ RESERVED
+CVE-2021-31674
+ RESERVED
+CVE-2021-31673
+ RESERVED
+CVE-2021-31672
+ RESERVED
+CVE-2021-31671
+ RESERVED
+CVE-2021-31670
+ RESERVED
+CVE-2021-31669
+ RESERVED
+CVE-2021-31668
+ RESERVED
+CVE-2021-31667
+ RESERVED
+CVE-2021-31666
+ RESERVED
+CVE-2021-31665
+ RESERVED
+CVE-2021-31664
+ RESERVED
+CVE-2021-31663
+ RESERVED
+CVE-2021-31662
+ RESERVED
+CVE-2021-31661
+ RESERVED
+CVE-2021-31660
+ RESERVED
+CVE-2021-31659
+ RESERVED
+CVE-2021-31658
+ RESERVED
+CVE-2021-31657
+ RESERVED
+CVE-2021-31656
+ RESERVED
+CVE-2021-31655
+ RESERVED
+CVE-2021-31654
+ RESERVED
+CVE-2021-31653
+ RESERVED
+CVE-2021-31652
+ RESERVED
+CVE-2021-31651
+ RESERVED
+CVE-2021-31650
+ RESERVED
+CVE-2021-31649
+ RESERVED
+CVE-2021-31648
+ RESERVED
+CVE-2021-31647
+ RESERVED
+CVE-2021-31646
+ RESERVED
+CVE-2021-31645
+ RESERVED
+CVE-2021-31644
+ RESERVED
+CVE-2021-31643
+ RESERVED
+CVE-2021-31642
+ RESERVED
+CVE-2021-31641
+ RESERVED
+CVE-2021-31640
+ RESERVED
+CVE-2021-31639
+ RESERVED
+CVE-2021-31638
+ RESERVED
+CVE-2021-31637
+ RESERVED
+CVE-2021-31636
+ RESERVED
+CVE-2021-31635
+ RESERVED
+CVE-2021-31634
+ RESERVED
+CVE-2021-31633
+ RESERVED
+CVE-2021-31632
+ RESERVED
+CVE-2021-31631
+ RESERVED
+CVE-2021-31630
+ RESERVED
+CVE-2021-31629
+ RESERVED
+CVE-2021-31628
+ RESERVED
+CVE-2021-31627
+ RESERVED
+CVE-2021-31626
+ RESERVED
+CVE-2021-31625
+ RESERVED
+CVE-2021-31624
+ RESERVED
+CVE-2021-31623
+ RESERVED
+CVE-2021-31622
+ RESERVED
+CVE-2021-31621
+ RESERVED
+CVE-2021-31620
+ RESERVED
+CVE-2021-31619
+ RESERVED
+CVE-2021-31618
+ RESERVED
CVE-2021-31617
RESERVED
CVE-2021-31616
@@ -140,10 +458,10 @@ CVE-2021-31542
RESERVED
CVE-2021-31541
RESERVED
-CVE-2021-31540
- RESERVED
-CVE-2021-31539
- RESERVED
+CVE-2021-31540 (Wowza Streaming Engine through 4.8.5 (in a default installation) has i ...)
+ TODO: check
+CVE-2021-31539 (Wowza Streaming Engine through 4.8.5 (in a default installation) has c ...)
+ TODO: check
CVE-2021-31538
RESERVED
CVE-2021-31537
@@ -452,22 +770,22 @@ CVE-2021-31412
RESERVED
CVE-2021-31411
RESERVED
-CVE-2021-31410
- RESERVED
+CVE-2021-31410 (Overly relaxed configuration of frontend resources server in Vaadin De ...)
+ TODO: check
CVE-2021-31409
RESERVED
-CVE-2021-31408
- RESERVED
-CVE-2021-31407
- RESERVED
-CVE-2021-31406
- RESERVED
-CVE-2021-31405
- RESERVED
-CVE-2021-31404
- RESERVED
-CVE-2021-31403
- RESERVED
+CVE-2021-31408 (Authentication.logout() helper in com.vaadin:flow-client versions 5.0. ...)
+ TODO: check
+CVE-2021-31407 (Vulnerability in OSGi integration in com.vaadin:flow-server versions 1 ...)
+ TODO: check
+CVE-2021-31406 (Non-constant-time comparison of CSRF tokens in endpoint request handle ...)
+ TODO: check
+CVE-2021-31405 (Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-t ...)
+ TODO: check
+CVE-2021-31404 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...)
+ TODO: check
+CVE-2021-31403 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...)
+ TODO: check
CVE-2021-3502 [reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames]
RESERVED
- avahi <unfixed> (bug #986018)
@@ -2080,20 +2398,20 @@ CVE-2021-30640
RESERVED
CVE-2021-30639
RESERVED
-CVE-2020-36321
- RESERVED
-CVE-2020-36320
- RESERVED
-CVE-2020-36319
- RESERVED
-CVE-2019-25028
- RESERVED
-CVE-2019-25027
- RESERVED
-CVE-2018-25007
- RESERVED
+CVE-2020-36321 (Improper URL validation in development mode handler in com.vaadin:flow ...)
+ TODO: check
+CVE-2020-36320 (Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-s ...)
+ TODO: check
+CVE-2020-36319 (Insecure configuration of default ObjectMapper in com.vaadin:flow-serv ...)
+ TODO: check
+CVE-2019-25028 (Missing variable sanitization in Grid component in com.vaadin:vaadin-s ...)
+ TODO: check
+CVE-2019-25027 (Missing output sanitization in default RouteNotFoundError view in com. ...)
+ TODO: check
+CVE-2018-25007 (Missing check in UIDL request handler in com.vaadin:flow-server versio ...)
+ TODO: check
CVE-2017-20003
- RESERVED
+ REJECTED
CVE-2021-30638
RESERVED
CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...)
@@ -3685,7 +4003,7 @@ CVE-2021-29947
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29947
CVE-2021-29946
RESERVED
- {DSA-4897-1 DSA-4895-1 DLA-2632-1}
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
- firefox 88.0-1
- firefox-esr 78.10.0esr-1
- thunderbird 1:78.10.0-1
@@ -3694,7 +4012,7 @@ CVE-2021-29946
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29946
CVE-2021-29945
RESERVED
- {DSA-4897-1 DSA-4895-1 DLA-2632-1}
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
- firefox 88.0-1
- firefox-esr 78.10.0esr-1
- thunderbird 1:78.10.0-1
@@ -4754,10 +5072,10 @@ CVE-2021-29472
RESERVED
CVE-2021-29471
RESERVED
-CVE-2021-29470
- RESERVED
-CVE-2021-29469
- RESERVED
+CVE-2021-29470 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ TODO: check
+CVE-2021-29469 (Node-redis is a Node.js Redis client. Before version 3.1.1, when a cli ...)
+ TODO: check
CVE-2021-29468
RESERVED
CVE-2021-29467 (Wrongthink is an encrypted peer-to-peer chat program. A user could che ...)
@@ -10697,10 +11015,10 @@ CVE-2021-26912 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows una
NOT-FOR-US: NetMotion Mobility
CVE-2021-26911 (core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL ...)
NOT-FOR-US: Canary Mail
-CVE-2021-26909
- RESERVED
-CVE-2021-26908
- RESERVED
+CVE-2021-26909 (Automox Agent prior to version 31 uses an insufficiently protected S3 ...)
+ TODO: check
+CVE-2021-26908 (Automox Agent prior to version 31 logs potentially sensitive informati ...)
+ TODO: check
CVE-2021-26907
RESERVED
CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium Asterisk thro ...)
@@ -12225,8 +12543,8 @@ CVE-2021-26293 (An issue was discovered in AfterLogic Aurora through 8.5.3 and W
NOT-FOR-US: AfterLogic Aurora
CVE-2021-26292
RESERVED
-CVE-2021-26291
- RESERVED
+CVE-2021-26291 (Apache Maven will follow repositories that are defined in a dependency ...)
+ TODO: check
CVE-2021-26290
RESERVED
CVE-2021-26289
@@ -14508,8 +14826,8 @@ CVE-2021-25384
RESERVED
CVE-2021-25383
RESERVED
-CVE-2021-25382
- RESERVED
+CVE-2021-25382 (An improper authorization of using debugging command in Secure Folder ...)
+ TODO: check
CVE-2021-25381 (Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in ...)
NOT-FOR-US: Samsung
CVE-2021-25380 (Improper handling of exceptional conditions in Bixby prior to version ...)
@@ -17501,7 +17819,7 @@ CVE-2021-3139 (In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2,
NOTE: https://github.com/open-iscsi/tcmu-runner/commit/01685b2ab8c430c0fb9ce397e7e76b60fe6cbde5
CVE-2021-24002
RESERVED
- {DSA-4897-1 DSA-4895-1 DLA-2632-1}
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
- firefox 88.0-1
- firefox-esr 78.10.0esr-1
- thunderbird 1:78.10.0-1
@@ -17518,7 +17836,7 @@ CVE-2021-24000
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24000
CVE-2021-23999
RESERVED
- {DSA-4897-1 DSA-4895-1 DLA-2632-1}
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
- firefox 88.0-1
- firefox-esr 78.10.0esr-1
- thunderbird 1:78.10.0-1
@@ -17527,7 +17845,7 @@ CVE-2021-23999
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23999
CVE-2021-23998
RESERVED
- {DSA-4897-1 DSA-4895-1 DLA-2632-1}
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
- firefox 88.0-1
- firefox-esr 78.10.0esr-1
- thunderbird 1:78.10.0-1
@@ -17544,7 +17862,7 @@ CVE-2021-23996
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23996
CVE-2021-23995
RESERVED
- {DSA-4897-1 DSA-4895-1 DLA-2632-1}
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
- firefox 88.0-1
- firefox-esr 78.10.0esr-1
- thunderbird 1:78.10.0-1
@@ -17553,7 +17871,7 @@ CVE-2021-23995
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23995
CVE-2021-23994
RESERVED
- {DSA-4897-1 DSA-4895-1 DLA-2632-1}
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
- firefox 88.0-1
- firefox-esr 78.10.0esr-1
- thunderbird 1:78.10.0-1
@@ -17709,7 +18027,7 @@ CVE-2021-23962 (Incorrect use of the '<RowCountChanged>' method could have
- firefox 85.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23962
CVE-2021-23961 (Further techniques that built on the slipstream research combined with ...)
- {DSA-4897-1 DSA-4895-1 DLA-2632-1}
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
- firefox 85.0-1
- firefox-esr 78.10.0esr-1
- thunderbird 1:78.10.0-1
@@ -19989,8 +20307,8 @@ CVE-2021-22895
RESERVED
CVE-2021-22894
RESERVED
-CVE-2021-22893
- RESERVED
+CVE-2021-22893 (Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authen ...)
+ TODO: check
CVE-2021-22892
RESERVED
CVE-2021-22891
@@ -20593,16 +20911,16 @@ CVE-2021-22684
RESERVED
CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
NOT-FOR-US: Fatek FvDesigner
-CVE-2021-22682
- RESERVED
+CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4) is configured by default to be ...)
+ TODO: check
CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, ...)
NOT-FOR-US: Rockwell Automation
CVE-2021-22680
RESERVED
CVE-2021-22679
RESERVED
-CVE-2021-22678
- RESERVED
+CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper validation of use ...)
+ TODO: check
CVE-2021-22677
RESERVED
CVE-2021-22676
@@ -21544,14 +21862,14 @@ CVE-2021-22209
RESERVED
CVE-2021-22208
RESERVED
-CVE-2021-22207
- RESERVED
+CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to ...)
+ TODO: check
CVE-2021-22206
RESERVED
-CVE-2021-22205
- RESERVED
-CVE-2021-22204
- RESERVED
+CVE-2021-22205 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
+CVE-2021-22204 (Improper neutralization of user data in the DjVu file format in ExifTo ...)
+ TODO: check
CVE-2021-22203 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2021-22202 (An issue has been discovered in GitLab CE/EE affecting all previous ve ...)
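Review bot: CVE-2021-22205 is described as a GitLab CE/EE issue but is left at "TODO: check", while CVE-2021-22203 in the trailing context of this same hunk already carries "- gitlab <unfixed>". The new entry should get a "- gitlab" package line with its own status rather than staying untriaged. CVE-2021-22207 (Wireshark) and CVE-2021-22204 (ExifTool) in this hunk also name specific software and need the same resolution to a package line or a NOT-FOR-US marker.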
@@ -24561,6 +24879,7 @@ CVE-2021-21377 (OMERO.web is open source Django-based software for managing micr
CVE-2021-21376 (OMERO.web is open source Django-based software for managing microscopy ...)
NOT-FOR-US: OMERO.web
CVE-2021-21375 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-2636-1}
- pjproject <removed>
- ring <unfixed> (bug #986815)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
@@ -28077,20 +28396,20 @@ CVE-2021-20091
RESERVED
CVE-2021-20090
RESERVED
-CVE-2021-20089
- RESERVED
-CVE-2021-20088
- RESERVED
-CVE-2021-20087
- RESERVED
-CVE-2021-20086
- RESERVED
-CVE-2021-20085
- RESERVED
-CVE-2021-20084
- RESERVED
-CVE-2021-20083
- RESERVED
+CVE-2021-20089 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ TODO: check
+CVE-2021-20088 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ TODO: check
+CVE-2021-20087 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ TODO: check
+CVE-2021-20086 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ TODO: check
+CVE-2021-20085 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ TODO: check
+CVE-2021-20084 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ TODO: check
+CVE-2021-20083 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ TODO: check
CVE-2021-20082
RESERVED
CVE-2021-20081
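Review bot: the seven descriptions added for CVE-2021-20083 through CVE-2021-20089 are identical after truncation ("Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)"), so nothing in this file identifies which component each one affects. Each "TODO: check" here has to be resolved from the full CVE record, one entry at a time. Assigning all seven the same disposition from the shared prefix would be a guess.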
@@ -30018,6 +30337,7 @@ CVE-2021-2165
CVE-2021-2164 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed> (bug #987325)
CVE-2021-2163 (Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterpr ...)
+ {DLA-2634-1}
- openjdk-17 <not-affected> (Windows-specific)
- openjdk-11 <not-affected> (Windows-specific)
- openjdk-8 <not-affected> (Windows-specific)
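Review bot: the "{DLA-2634-1}" reference added under CVE-2021-2163 contradicts the package lines directly below it, which mark openjdk-17, openjdk-11 and openjdk-8 all as "<not-affected> (Windows-specific)". An advisory cross-reference on a CVE that every listed package is recorded as unaffected by means one of the two is stale. Either update the package status lines to the fixed versions, or confirm that the advisory should not list this CVE.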
@@ -30025,6 +30345,7 @@ CVE-2021-2162 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-5.7 <removed>
- mysql-8.0 <unfixed> (bug #987325)
CVE-2021-2161 (Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterpr ...)
+ {DSA-4899-1}
- openjdk-17 17~19-1
- openjdk-11 11.0.11+9-1
- openjdk-8 <removed>
@@ -88446,8 +88767,8 @@ CVE-2020-7387
RESERVED
CVE-2020-7386
RESERVED
-CVE-2020-7385
- RESERVED
+CVE-2020-7385 (By launching the drb_remote_codeexec exploit, a Metasploit Framework u ...)
+ TODO: check
CVE-2020-7384 (Rapid7's Metasploit msfvenom framework handles APK files in a way that ...)
NOT-FOR-US: Rapid7
CVE-2020-7383 (A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that m ...)
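Review bot: CVE-2020-7385 is described as a Metasploit Framework issue and is left at "TODO: check", while the next entry in the context, CVE-2020-7384 (Rapid7's Metasploit msfvenom), is already closed as "NOT-FOR-US: Rapid7". The two entries should be triaged consistently. If the same disposition applies, replace the TODO with the matching NOT-FOR-US line.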
@@ -174708,6 +175029,7 @@ CVE-2018-15758 (Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prio
CVE-2018-15757
REJECTED
CVE-2018-15756 (Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, version ...)
+ {DLA-2635-1}
- libspring-java 4.3.21-1 (bug #911786)
[jessie] - libspring-java <not-affected> (vulnerable code introduced in later version)
NOTE: https://pivotal.io/security/cve-2018-15756
@@ -187359,6 +187681,7 @@ CVE-2018-11042
CVE-2018-11041 (Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 excep ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-11040 (Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3 ...)
+ {DLA-2635-1}
- libspring-java 4.3.19-1
[jessie] - libspring-java <not-affected> (Vulnerable code introduced later)
NOTE: https://pivotal.io/security/cve-2018-11040
@@ -187366,6 +187689,7 @@ CVE-2018-11040 (Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior
NOTE: https://github.com/spring-projects/spring-framework/commit/874859493bbda59739c38c7e52eb3625f247b93a (v4.3.18)
NOTE: Introduced by https://github.com/spring-projects/spring-framework/commit/5dc27ee134d28c7b25d0f6d3e9059f80c95d4402 (v4.1)
CVE-2018-11039 (Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior ...)
+ {DLA-2635-1}
- libspring-java 4.3.19-1
[jessie] - libspring-java <no-dsa> (Minor issue)
NOTE: https://pivotal.io/security/cve-2018-11039
@@ -215454,6 +215778,7 @@ CVE-2018-1271 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 pr
- libspring-java <not-affected> (Issue specific when served from a file system on Windows)
NOTE: https://pivotal.io/security/cve-2018-1271
CVE-2018-1270 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...)
+ {DLA-2635-1}
- libspring-java 4.3.19-1 (bug #895114)
[jessie] - libspring-java <not-affected> (Vulnerable code not present)
[wheezy] - libspring-java <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28ccad2faf68d3f923a620cc107e154b2f6b7578