
[SECURITY] [DLA 1848-1] libspring-security-2.0-java security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libspring-security-2.0-java
Version        : 2.0.7.RELEASE-3+deb8u2
CVE ID         : CVE-2019-11272


Spring Security supports plain text passwords using
PlaintextPasswordEncoder. If an application using an affected version
of Spring Security is leveraging PlaintextPasswordEncoder and a user
has a null encoded password, a malicious user (or attacker) can
authenticate using a password of "null".

For Debian 8 "Jessie", this problem has been fixed in version
2.0.7.RELEASE-3+deb8u2.

We recommend that you upgrade your libspring-security-2.0-java packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
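
The comparison failure the advisory describes, as an added Java example that is neither part of the original advisory nor Spring Security's own code. `weakMatches` is an assumed, simplified model of a plaintext check that coerces the stored value to a string, and `strictMatches` is a hardened counterpart; the class, method and account names are hypothetical and the user store is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.LinkedHashMap;
import java.util.Map;

public class NullPasswordDemo {

    // Assumed model of the flaw: the stored value is coerced to a String
    // before comparison, so a null stored password becomes the text "null".
    static boolean weakMatches(String stored, String presented) {
        String coerced = stored + "";          // null -> "null"
        return coerced.equals(presented);
    }

    // Hardened form: a missing value on either side never authenticates,
    // and the comparison itself is constant-time.
    static boolean strictMatches(String stored, String presented) {
        if (stored == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample user store; "svc-batch" has no password set.
        Map<String, String> users = new LinkedHashMap<>();
        users.put("alice", "correct horse");
        users.put("svc-batch", null);

        // Evaluate the password named in the advisory against every account
        // and flag the ones whose stored password is null.
        for (Map.Entry<String, String> e : users.entrySet()) {
            String stored = e.getValue();
            System.out.printf("%-10s weak=%-5b strict=%-5b%s%n",
                    e.getKey(),
                    weakMatches(stored, "null"),
                    strictMatches(stored, "null"),
                    stored == null ? "  <- null stored password, audit this account" : "");
        }
    }
}
```

Accounts flagged by the loop are the ones to review alongside the package upgrade, since a null stored password is the precondition the advisory names.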

