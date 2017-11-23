-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512



- -------------------------------------------------------------------------

Debian Security Advisory DSA-4046-1 security@debian.org

https://www.debian.org/security/ Sebastien Delafond

November 22, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------



Package : libspring-ldap-java

CVE ID : CVE-2017-8028



Tobias Schneider discovered that libspring-ldap-java, a Java library

for Spring-based applications using the Lightweight Directory Access

Protocol, would under some circumstances allow authentication with a

correct username but an arbitrary password.



For the oldstable distribution (jessie), this problem has been fixed

in version 1.3.1.RELEASE-5+deb8u1.



We recommend that you upgrade your libspring-ldap-java packages.



For the detailed security status of libspring-ldap-java please refer to

its security tracker page at:

https://security-tracker.debian.org/tracker/libspring-ldap-java



-----BEGIN PGP SIGNATURE-----



iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAloVtEUACgkQEL6Jg/PV

nWSbSgf/aBFHoKWTrjUx9W++O+Fc7Or0ZqMYZgHRTmWxorIRL+QT18jxVYYwnKfe

JLvjuX68foYcS9oArbcNbafYWgjkRVZZCA05+RT8ws0c4qC4/0Gf909jn/7iUCp1

4bLdLNYrTm5rkk2a1iNOu7GDAo5bTanj/0uZVKp78U9mn3bJkzjy+TUSAe9Aw/fa

pBAGlIJfp7PSTB1BHjaW2cHActuTOKQyT9rN33GFK3lX40TqMesyOL7mZiJtBJ/C

+YtlrdHHL8uuQA9Fg6LMEzwMBOtmtgvaN6yVpn80BZSQ6nsL+r+xQRutGPup1Gq0

xaYT8ClXlaYknaKtTbZ6dJMdmvz4Bg==

=4Vlo

-----END PGP SIGNATURE-----

