[Git][security-tracker-team/security-tracker][master] new spring issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e384917f by Moritz Muehlenhoff at 2025-09-17T09:12:38+02:00
new spring issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -112,9 +112,12 @@ CVE-2025-44034 (SQL injection vulnerability in oa_system 
oasys v.1.1 allows a re
 CVE-2025-43801 (Unchecked input for loop condition vulnerability in XML-RPC in 
Liferay ...)
        NOT-FOR-US: Liferay
 CVE-2025-41249 (The Spring Framework annotation detection mechanism may not 
correctly  ...)
-       TODO: check
+       - libspring-java <unfixed> (unimportant)
+       NOTE: https://spring.io/security/cve-2025-41249/
+       NOTE: Only supported for building applications shipped in Debian, see 
README.Debian.security
 CVE-2025-41248 (The Spring Security annotation detection mechanism may not 
correctly r ...)
-       TODO: check
+       - libspring-security-2.0-java <removed>
+       NOTE: https://spring.io/security/cve-2025-41248
 CVE-2025-41243 (Spring Cloud Gateway Server Webflux may be vulnerable to 
Spring Enviro ...)
        TODO: check
 CVE-2025-39836 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e384917f99c9a7bcaa8ae1f8b349431e44bfc579

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e384917f99c9a7bcaa8ae1f8b349431e44bfc579
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits