Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability

[Mike Kienenberger <mkienenb () gmail com>]

Clarification: The first line in this CVE was a copy&paste error
during message composition and is not part of the CVE.  This line can
make it sound as if CVE-2016-5019 is only an information disclosure
vulnerability rather than a deserialization attack vector.  I
apologize for the confusion.