Package: src:libspring-java
Severity: grave
Tags: security
Justification: user security hole

Hi,

CVE-2014-3578 was assigned to a directory traversal in the spring
framework, affecting all versions in Debian (fixed in 3.2.0).

More information can be found on:

- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3578
- http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000054.html

Please include the CVE number in the changelog entry fixing the
vulnerability.

Regards,
-- 
Yves-Alexis Perez

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (450, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to