Bug#760733: libspring-java: CVE-2014-0225

Moritz Muehlenhoff jmm at inutil.org
Wed Nov 26 11:41:30 UTC 2014


On Wed, Nov 26, 2014 at 12:40:37PM +0100, Emmanuel Bourg wrote:
> I've been investigating this issue as well. I contacted an upstream
> developer and it seems the actual fix for this issue is unknown. The
> version 3.2.0 was just reported as not vulnerable by the security
> researcher who discovered this issue.
> 
> I can prepare an upgrade to the latest 3.2.x version but this will at
> least require libhibernate-validator-java to be unblocked as well.

I didn't look into the specific issue, but Red Hat Bugzilla has
references to isolated patches?

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0225

Cheers,
        Moritz


