On Mon, Dec 29, 2014 at 10:25:24PM +0100, Moritz Mühlenhoff wrote: > On Mon, Sep 22, 2014 at 03:56:00PM +0200, Raphael Hertzog wrote: > > Hi, > > > > On Mon, 18 Aug 2014, Salvatore Bonaccorso wrote: > > > On Thu, Aug 14, 2014 at 11:43:32PM +0200, Emmanuel Bourg wrote: > > > > Is there an example available somewhere of a subject improperly parsed > > > > by commons-httpclient/3.1-10.2? This would help backporting the fix to > > > > this version. > > > > > > I think this is already fixed in 3.1-10.2, see the Red Hat bug as > > > reference and See https://bugs.debian.org/692442#56 and and following > > > mails. > > > > I don't understand this from those mails. On the contrary, RedHat > > did update their packages with a new patch on top of the former > > patch: > > https://git.centos.org/blob/rpms!jakarta-commons-httpclient/5acb7f7b3e637c3a6d072e3f037a3c4abb6c48af/SOURCES!jakarta-commons-httpclient-CVE-2014-3577.patch > > > > And the Debian package still have the old version of getCN(). > > What's the status? Can we get that fixed for jessie?
*ping*, the release is getting closer. Cheers, Moritz __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.