CVE-2016-5007/libspring-java: precision

author: Sylvain Beucler <beuc@beuc.net> 2021-04-12 19:41:20 +0200
committer: Sylvain Beucler <beuc@beuc.net> 2021-04-12 19:41:20 +0200
commit: 0714094e4013629cc4e05cd319703d510928807c (patch)
tree: d8c845e321eda6c4b8fafeb70d531c94e933bd29 /data/CVE/2016.list
parent: 17b6dd5ec039c93ea99a6ab897623f30311e0b1c (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index aef3970ba7..aa4cb0f13d 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -18489,7 +18489,7 @@ CVE-2016-5008 (libvirt before 2.0.0 improperly disables password checking when t
 	NOTE: http://security.libvirt.org/2016/0001.html
 CVE-2016-5007 (Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2. ...)
 	- libspring-java 4.3.2-1
-	[jessie] - libspring-java <no-dsa> (Minor issue)
+	[jessie] - libspring-java <ignored> (Minor issue, no rdeps using both spring-framework and spring-security, trimTokens mitigation not present in 3.0.x)
 	[wheezy] - libspring-java <not-affected> (Vulnerable code not present)
 	NOTE: https://pivotal.io/security/cve-2016-5007
 	NOTE: https://github.com/spring-projects/spring-framework/commit/a30ab30 (v4.3.1.RELEASE)
author	Sylvain Beucler <beuc@beuc.net>	2021-04-12 19:41:20 +0200
committer	Sylvain Beucler <beuc@beuc.net>	2021-04-12 19:41:20 +0200
commit	0714094e4013629cc4e05cd319703d510928807c (patch)
tree	d8c845e321eda6c4b8fafeb70d531c94e933bd29 /data/CVE/2016.list
parent	17b6dd5ec039c93ea99a6ab897623f30311e0b1c (diff)