Your message dated Fri, 07 Dec 2012 10:02:38 +0000
with message-id <e1tguls-0000ys...@franck.debian.org>
and subject line Bug#692442: fixed in commons-httpclient 3.1-10.2
has caused the Debian Bug report #692442,
regarding CVE-2012-5783: Insecure certificate validation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
692442: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692442
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: commons-httpclient
Severity: important
Tags: security

Please see Section 7.5 of this paper:
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

This has been assigned CVE-2012-5783. I'm not sure if we can backport more
correct certificate validation to 3.x, but independent of that it might
make sense to introduce the 4.x codebase to the archive?

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: commons-httpclient
Source-Version: 3.1-10.2

We believe that the bug you reported is fixed in the latest version of
commons-httpclient, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 692...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alberto Fernández Martínez <inf...@gmail.com> (supplier of updated commons-httpclient package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 6 Dec 2012 14:28:00 +0100
Source: commons-httpclient
Binary: libcommons-httpclient-java libcommons-httpclient-java-doc
Architecture: source all
Version: 3.1-10.2
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Alberto Fernández Martínez <inf...@gmail.com>
Description: 
 libcommons-httpclient-java - A Java(TM) library for creating HTTP clients
 libcommons-httpclient-java-doc - Documentation for libcommons-httpclient-java
Closes: 692442
Changes: 
 commons-httpclient (3.1-10.2) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Fix CVE-2012-5783 (Closes: #692442)
   * Fix CN extraction from DN of X500 principal.
   * Fix wildcard validation on ssl connections

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlDBu7wACgkQYDBbMcCf01o3sACgiIjjUlbNKC8gZoxW8PEqzexZ
PtEAoLRD0tbX2GOZtMRnOGNmZ3F8dl9Z
=TiOt
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use debian-j...@lists.debian.org for discussions and questions.