-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libspring-security-2.0-java Version : 2.0.7.RELEASE-3+deb8u2 CVE ID : CVE-2019-11272
Spring Security support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null". For Debian 8 "Jessie", this problem has been fixed in version 2.0.7.RELEASE-3+deb8u2. We recommend that you upgrade your libspring-security-2.0-java packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl0kM0gACgkQhj1N8u2c KO9Wlw//c6ten14dAo6YlIUFoHLr22kdke1d7nknu6qCBpe/S3Fcs1R/qhmo03lY m4RE17i0KJOarZdZSMDfhh1V/0B1rMWEarZcxwYgc98xJE6TO26eaTzgg2iDO4so ws298L/djmRbkBSFmTQxiYDuF+7tcfDCkIzwiqAszaaz+lXtpVIVGPPxrJdsbNWG n5JE/y0/W9lWMccKKRcMp9Cz4htrkV9iB8bVo28LPKAR6rrqhtVXJFOUWElyal+/ pGt/o4zUBPbUddjMJzjDzFn31owBkL7fZOBEbJh5eoJZo5pgY638AMxHM4bviShz YdjuEkcXjSZODzFZNcMMsu31mxYp6TeSkdyAiYoPmQnfNYEbiAVaWd/vZZgAzKeu MYME8oJJT9LbHaF5AwMp9dFQy5Smd2h9prpxsx1qd8OLpV+pNhmrFwLfZ2i61tQy cyOd2pFIMMs+gHDTM/ixWet9LCZ+HNgsH/iiGYX6PU5gIkVGrP+RVdyGTh2b/IdG 0043PLHEMHvNofGToDX4ed3wEfs/Zvn2k4QpykrTYQ0d3LcN8cGrLO7vpfbt1WTw /qwxSTlFCrNwlIk3zvX61sOazIO7d9stYWQ+TOtWPNCrr8hhOdnVWq7zITCMf84C GLKALMDx4SQJ0+u+RGwSR3zSyXKFFKkIltcw+o1dVC2hMS07aq4= =aFJb -----END PGP SIGNATURE-----
