Spring: Multiple security issues

Related Vulnerabilities: CVE-2011-2731, CVE-2011-2732, CVE-2011-2894, CVE-2011-2730

Debian Bug report logs - #670901
Spring: Multiple security issues


Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Mon, 30 Apr 2012 07:57:05 UTC

Severity: grave

Tags: security

Fixed in version libspring-security-2.0-java/2.0.7.RELEASE-1

Done: Miguel Landaeta <miguel@miguel.cc>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#670901; Package libspring-security-2.0-java. (Mon, 30 Apr 2012 07:57:08 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Mon, 30 Apr 2012 07:57:08 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Spring: Multiple security issues
Date: Mon, 30 Apr 2012 09:55:39 +0200
Package: libspring-security-2.0-java
Severity: grave
Tags: security

Please see 
http://www.securityfocus.com/archive/1/519593/30/0/threaded
http://www.springsource.com/security/cve-2011-2731
http://www.springsource.com/security/cve-2011-2732
http://www.springsource.com/security/cve-2011-2894

CVE-2011-2894 seems to affect libspring-java? If so, please clone or 
reassign as needed.

CVE-2011-2730 seems to affect libspring-2.5-java? If so, please clone or 
reassign as needed.

Cheers,
        Moritz




Bug 670901 cloned as bugs 677679, 677680, 677681. Request was from Miguel Landaeta <miguel@miguel.cc> to control@bugs.debian.org. (Sat, 16 Jun 2012 02:33:03 GMT)


Reply sent to Miguel Landaeta <miguel@miguel.cc>:
You have taken responsibility. (Sat, 16 Jun 2012 04:00:09 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Sat, 16 Jun 2012 04:00:09 GMT)


Message #12 received at 670901-close@bugs.debian.org:

From: Miguel Landaeta <miguel@miguel.cc>
To: 670901-close@bugs.debian.org
Subject: Bug#670901: fixed in libspring-security-2.0-java 2.0.7.RELEASE-1
Date: Sat, 16 Jun 2012 03:54:44 +0000
Source: libspring-security-2.0-java
Source-Version: 2.0.7.RELEASE-1

We believe that the bug you reported is fixed in the latest version of
libspring-security-2.0-java, which is due to be installed in the Debian FTP archive:

libspring-security-2.0-java-doc_2.0.7.RELEASE-1_all.deb
  to main/libs/libspring-security-2.0-java/libspring-security-2.0-java-doc_2.0.7.RELEASE-1_all.deb
libspring-security-2.0-java_2.0.7.RELEASE-1.debian.tar.gz
  to main/libs/libspring-security-2.0-java/libspring-security-2.0-java_2.0.7.RELEASE-1.debian.tar.gz
libspring-security-2.0-java_2.0.7.RELEASE-1.dsc
  to main/libs/libspring-security-2.0-java/libspring-security-2.0-java_2.0.7.RELEASE-1.dsc
libspring-security-2.0-java_2.0.7.RELEASE.orig.tar.gz
  to main/libs/libspring-security-2.0-java/libspring-security-2.0-java_2.0.7.RELEASE.orig.tar.gz
libspring-security-acl-2.0-java_2.0.7.RELEASE-1_all.deb
  to main/libs/libspring-security-2.0-java/libspring-security-acl-2.0-java_2.0.7.RELEASE-1_all.deb
libspring-security-core-2.0-java_2.0.7.RELEASE-1_all.deb
  to main/libs/libspring-security-2.0-java/libspring-security-core-2.0-java_2.0.7.RELEASE-1_all.deb
libspring-security-ntlm-2.0-java_2.0.7.RELEASE-1_all.deb
  to main/libs/libspring-security-2.0-java/libspring-security-ntlm-2.0-java_2.0.7.RELEASE-1_all.deb
libspring-security-portlet-2.0-java_2.0.7.RELEASE-1_all.deb
  to main/libs/libspring-security-2.0-java/libspring-security-portlet-2.0-java_2.0.7.RELEASE-1_all.deb
libspring-security-taglibs-2.0-java_2.0.7.RELEASE-1_all.deb
  to main/libs/libspring-security-2.0-java/libspring-security-taglibs-2.0-java_2.0.7.RELEASE-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 670901@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Miguel Landaeta <miguel@miguel.cc> (supplier of updated libspring-security-2.0-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 15 Jun 2012 21:43:49 -0430
Source: libspring-security-2.0-java
Binary: libspring-security-core-2.0-java libspring-security-acl-2.0-java libspring-security-ntlm-2.0-java libspring-security-portlet-2.0-java libspring-security-taglibs-2.0-java libspring-security-2.0-java-doc
Architecture: source all
Version: 2.0.7.RELEASE-1
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Miguel Landaeta <miguel@miguel.cc>
Description: 
 libspring-security-2.0-java-doc - documentation for Spring Security 2.0
 libspring-security-acl-2.0-java - modular Java/J2EE application security framework - ACL
 libspring-security-core-2.0-java - modular Java/J2EE application security framework - Core
 libspring-security-ntlm-2.0-java - modular Java/J2EE application security framework - NTLM
 libspring-security-portlet-2.0-java - modular Java/J2EE application security framework - Portlet
 libspring-security-taglibs-2.0-java - modular Java/J2EE application security framework - Taglibs
Closes: 670901
Changes: 
 libspring-security-2.0-java (2.0.7.RELEASE-1) unstable; urgency=low
 .
   * New upstream release. (Closes: #670901).
   * Bump Standards-Version to 3.9.3. No changes were required.





Bug 670901 cloned as bug 677814. Request was from "Damien Raude-Morvan" <drazzib@debian.org> to control@bugs.debian.org. (Sat, 16 Jun 2012 22:15:11 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Jun 2013 07:27:12 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:09:17 2019; Machine Name: buxtehude
