drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in libspring-java
Name: |
Zwei Probleme in libspring-java |
|
ID: |
DSA-2890-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian wheezy |
|
Datum: |
So, 30. März 2014, 20:46 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1904 |
|
Applikationen: |
libspring-java |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------- Debian Security Advisory DSA-2890-1 security@debian.org http://www.debian.org/security/ Florian Weimer March 29, 2014 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : libspring-java CVE ID : CVE-2014-0054 CVE-2014-1904 Debian Bug : 741604
Two vulnerabilities were discovered in libspring-java, the Debian package for the Java Spring framework.
CVE-2014-0054
Jaxb2RootElementHttpMessageConverter in Spring MVC processes external XML entities.
CVE-2014-1904
Spring MVC introduces a cross-site scripting vulnerability if the action on a Spring form is not specified.
For the stable distribution (wheezy), these problems have been fixed in version 3.0.6.RELEASE-6+deb7u3.
For the testing distribution (jessie) and the unstable distribution (sid), these problems have been fixed in version 3.0.6.RELEASE-13.
We recommend that you upgrade your libspring-java packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJTNyPJAAoJEL97/wQC1SS+IacH/3RNJ8+t08lYcFNK19w9gaxK XZPRhwnnQ5A8dCXSBra0476s1v9j+wZY6BQsJfTHtx1OJuQoifTwO2snjR9JQ7Tk V/KRzFSev3o35ISqc3XEUSq8klo1GPTpL0PqGThdxz5HFv20zm3V+jnCgKSSN4N3 Eu0VQybqj05aOgAsR6ldbTTI4CCQzC5XVZYNS5nZh/8eO3oAYhwi1iKxjEWrldUR G/kYvHvoKGBjBfTgp51bG/0BogAljJ4G+E3QwANERKdqFccfpJ+5vDtWoLKjTf2r 1OjYcjXp3JZxiIE5H4W5nQfMCcmbOslrOPu46MBrOYvDw7CDmw03XKvEiC36q7w= =mqxj -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/87ppl44xq3.fsf@mid.deneb.enyo.de
|
|
|
|