Control: tag -1 + security patch

(this is not about commons-httpclient but about httpcomponents-client)

On Fri, 11 Sep 2015, Guido Günther wrote:
> > Note that according to HTTPCLIENT-1478 [1] this was completely fixed in
> > the version 4.3.6. So if this is really a security issue the
> > httpcomponents-client package in stable and oldstable is also affected.
> I do think so but I haven't checked yet and
> claim that it's not yet reproduced for httpcomponents-client 4.2.x
> that's why I didn't file a but for httpcomponents-client yet until
> this is investigated further.

I did look into the source code and it looks like that this was a
regression in 4.3.x. So only jessie is affected. squeeze, wheezy (and
likely sid) seem to be fine.

Coming back to commons-httpclient:

RedHat produced a patch here:
Part of

BTW, would it not be possible to get rid of commons-httpclient
if it has been obsoleted by httpcomponents-client ?

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS:
Learn to master Debian:

This is the maintainer address of Debian's Java team
Please use for discussions and questions.

Reply via email to