Package: commons-httpclient
Severity: important
Tags: security

Please see Section 7.5 of this paper:

This has been assigned CVE-2012-5783. I'm not sure if we can backport more
correct certificate validation to 3.x, but independent of that it might
make sense to introduce the 4.x codebase to the archive?


This is the maintainer address of Debian's Java team
Please use for discussions and questions.

Reply via email to