Bug 14041

Summary: springframework-security new security issues CVE-2014-0097 and CVE-2014-3527
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: D Morgan <dmorganec>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: mageia
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/610411/
Whiteboard:
Source RPM: springframework-security-3.1.4-5.mga5.src.rpm CVE:
Status comment:

Description David Walser 2014-09-02 20:54:49 CEST
Fedora has issued an advisory on August 21:
https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137178.html

This package is only in Cauldron.

The issues are fixed in 3.1.7, which Fedora updated with these commits:
http://pkgs.fedoraproject.org/cgit/springframework-security.git/commit/?id=2cd3ec92cb91dfc4d6cc06e026930c3386adb04e
http://pkgs.fedoraproject.org/cgit/springframework-security.git/commit/?id=ed4fb631b245b35c7fdb6841a4a43b22d11545b2

Comment 1 Sander Lepik 2014-11-29 16:02:33 CET
Dropped from Cauldron, can be closed if Java stack is wiped out.

CC: (none) => mageia

Comment 2 David Walser 2015-03-11 19:29:59 CET
Closing now.  This won't be reintroduced for Mageia 5.

Status: NEW => RESOLVED
Resolution: (none) => FIXED