[Git][security-tracker-team/security-tracker][master] new spring issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue May 5 08:10:37 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
119a0318 by Moritz Muehlenhoff at 2026-05-05T09:10:29+02:00
new spring issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2368,11 +2368,16 @@ CVE-2026-26015 (DocsGPT is a GPT-powered chat for documentation. From version 0.
 CVE-2026-25852 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
 	NOT-FOR-US: Acronis
 CVE-2026-22745 (Spring MVC and WebFlux applications are vulnerable to Denial of Servic ...)
-	TODO: check
+	- libspring-java <not-affected> (Windows-specific)
+	NOTE: https://spring.io/security/cve-2026-22745
 CVE-2026-22741 (Spring MVC and WebFlux applications are vulnerable to cache poisoning  ...)
-	TODO: check
+	- libspring-java <unfixed> (unimportant)
+	NOTE: https://spring.io/security/cve-2026-22741
+	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
 CVE-2026-22740 (A WebFlux server application that processes multipart requests creates ...)
-	TODO: check
+	- libspring-java <unfixed> (unimportant)
+	NOTE: https://spring.io/security/cve-2026-22740
+	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
 CVE-2026-0206 (A post-authentication Stack-based Buffer Overflow vulnerabilities in S ...)
 	NOT-FOR-US: SonicWall
 CVE-2026-0205 (A post-authentication Path Traversal vulnerability in SonicOS allows a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/119a03184b0fb0a06f4d02a7c735767319097172

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/119a03184b0fb0a06f4d02a7c735767319097172
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260505/ef828b4e/attachment.htm>

More information about the debian-security-tracker-commits mailing list