[Git][security-tracker-team/security-tracker][master] Three more libspring-java issues were already fixed in unstable

Tue, 01 Jan 2019 05:35:24 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6abd9bd3 by Salvatore Bonaccorso at 2019-01-01T13:34:49Z
Three more libspring-java issues were already fixed in unstable

CVE-2018-11039, CVE-2018-11040 and CVE-2018-1257 were already fixed
upstream in 4.3.18 and 4.3.17 respectively so the 4.3.19-1 upload in
unstable did contain the fixes already.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31786,11 +31786,11 @@ CVE-2018-11042
 CVE-2018-11041 (Cloud Foundry UAA, versions later than 4.6.0 and prior to 
4.19.0 ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2018-11040 (Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x 
prior to ...)
-       - libspring-java <unfixed>
+       - libspring-java 4.3.19-1
        [jessie] - libspring-java <no-dsa> (unable to find relevant commits)
        NOTE: https://pivotal.io/security/cve-2018-11040
 CVE-2018-11039 (Spring Framework (versions 5.0.x prior to 5.0.7, versions 
4.3.x prior ...)
-       - libspring-java <unfixed>
+       - libspring-java 4.3.19-1
        [jessie] - libspring-java <no-dsa> (Minor issue)
        NOTE: https://pivotal.io/security/cve-2018-11039
 CVE-2017-18270 (In the Linux kernel before 4.13.5, a local user could create 
keyrings ...)
@@ -59883,7 +59883,7 @@ CVE-2018-1258 (Spring Framework version 5.0.5 when used 
in combination with any
        [jessie] - libspring-security-2.0-java <not-affected> (Affected version 
not in jessie)
        NOTE: https://pivotal.io/security/cve-2018-1258
 CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x 
prior ...)
-       - libspring-java <unfixed>
+       - libspring-java 4.3.19-1
        [jessie] - libspring-java <no-dsa> (hard to find upstream commits 
regarding this)
        NOTE: https://pivotal.io/security/cve-2018-1257
 CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a 
regression which ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6abd9bd30876901df0aed1e3d9f6607423567db4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6abd9bd30876901df0aed1e3d9f6607423567db4
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to