Candidate: CVE-2019-3795
PublicDate: 2019-04-09 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3795
 https://pivotal.io/security/cve-2019-3795
Description:
 Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and
 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using
 SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In
 order to be impacted, an honest application must provide a seed and make the
 resulting random material available to an attacker for inspection.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]

Patches_libspring-security-2.0-java:
upstream_libspring-security-2.0-java: needs-triage
precise/esm_libspring-security-2.0-java: DNE
trusty_libspring-security-2.0-java: not-affected
trusty/esm_libspring-security-2.0-java: DNE (trusty was not-affected)
xenial_libspring-security-2.0-java: DNE
bionic_libspring-security-2.0-java: DNE
cosmic_libspring-security-2.0-java: DNE
devel_libspring-security-2.0-java: DNE