1
Candidate: CVE-2013-6430
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6430
5
http://www.gopivotal.com/security/cve-2013-6430
7
The JavaScriptUtils.javaScriptEscape() method did not escape all
8
characters that are sensitive within either a JS single quoted string,
9
JS double quoted string, or HTML script data context. In most cases
10
this will result in an unexploitable parse error but in some cases it
11
could result in an XSS vulnerability.
15
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735420
17
Discovered-by: Jon Passki
20
Patches_libspring-java:
21
upstream: https://github.com/spring-projects/spring-framework/commit/7a7df6637478607bef0277bf52a4e0a03e20a248
22
upstream_libspring-java: released (3.0.6.RELEASE-11)
23
lucid_libspring-java: DNE
24
precise_libspring-java: ignored (reached end-of-life)
25
precise/esm_libspring-java: DNE (precise was needed)
26
quantal_libspring-java: ignored (reached end-of-life)
27
saucy_libspring-java: ignored (reached end-of-life)
28
trusty_libspring-java: not-affected (3.0.6.RELEASE-11)
29
utopic_libspring-java: not-affected (3.0.6.RELEASE-11)
30
vivid_libspring-java: not-affected (3.0.6.RELEASE-11)
31
vivid/stable-phone-overlay_libspring-java: DNE
32
vivid/ubuntu-core_libspring-java: DNE
33
wily_libspring-java: not-affected (3.0.6.RELEASE-11)
34
xenial_libspring-java: not-affected (3.0.6.RELEASE-11)
35
yakkety_libspring-java: not-affected (3.0.6.RELEASE-11)
36
zesty_libspring-java: not-affected (3.0.6.RELEASE-11)
37
devel_libspring-java: not-affected (3.0.6.RELEASE-11)