Unsubscribe On March 29, 2014 3:21:40 PM EDT, Florian Weimer <[email protected]> wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >- >------------------------------------------------------------------------- >Debian Security Advisory DSA-2890-1 >[email protected] >http://www.debian.org/security/ Florian >Weimer >March 29, 2014 >http://www.debian.org/security/faq >- >------------------------------------------------------------------------- > >Package : libspring-java >CVE ID : CVE-2014-0054 CVE-2014-1904 >Debian Bug : 741604 > >Two vulnerabilities were discovered in libspring-java, the Debian >package for the Java Spring framework. > >CVE-2014-0054 > > Jaxb2RootElementHttpMessageConverter in Spring MVC processes > external XML entities. > >CVE-2014-1904 > > Spring MVC introduces a cross-site scripting vulnerability if the > action on a Spring form is not specified. > >For the stable distribution (wheezy), these problems have been fixed in >version 3.0.6.RELEASE-6+deb7u3. > >For the testing distribution (jessie) and the unstable distribution >(sid), these problems have been fixed in version 3.0.6.RELEASE-13. > >We recommend that you upgrade your libspring-java packages. > >Further information about Debian Security Advisories, how to apply >these updates to your system and frequently asked questions can be >found at: http://www.debian.org/security/ > >Mailing list: [email protected] >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.10 (GNU/Linux) > >iQEcBAEBAgAGBQJTNyPJAAoJEL97/wQC1SS+IacH/3RNJ8+t08lYcFNK19w9gaxK >XZPRhwnnQ5A8dCXSBra0476s1v9j+wZY6BQsJfTHtx1OJuQoifTwO2snjR9JQ7Tk >V/KRzFSev3o35ISqc3XEUSq8klo1GPTpL0PqGThdxz5HFv20zm3V+jnCgKSSN4N3 >Eu0VQybqj05aOgAsR6ldbTTI4CCQzC5XVZYNS5nZh/8eO3oAYhwi1iKxjEWrldUR >G/kYvHvoKGBjBfTgp51bG/0BogAljJ4G+E3QwANERKdqFccfpJ+5vDtWoLKjTf2r >1OjYcjXp3JZxiIE5H4W5nQfMCcmbOslrOPu46MBrOYvDw7CDmw03XKvEiC36q7w= >=mqxj >-----END PGP SIGNATURE----- > > >-- >To UNSUBSCRIBE, email to >[email protected] >with a subject of "unsubscribe". Trouble? Contact >[email protected] >Archive: https://lists.debian.org/[email protected]
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
