Bug#760733: CVE-2014-3578: directory traversal
Yves-Alexis Perez
corsac at debian.org
Sun Sep 7 11:30:02 UTC 2014
Package: src:libspring-java
Severity: grave
Tags: security
Justification: user security hole
Hi,
CVE-2014-3578 was assigned to a directory traversal in the spring
framework, affecting all versions in Debian (fixed in 3.2.0).
More information can be found on:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3578
- http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000054.html
Please include the CVE number in the changelog entry fixing the
vulnerability.
Regards,
--
Yves-Alexis Perez
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the pkg-java-maintainers
mailing list