Control: tag -1 + security patch
(this is not about commons-httpclient but about httpcomponents-client)
On Fri, 11 Sep 2015, Guido Günther wrote:
> > Note that according to HTTPCLIENT-1478  this was completely fixed in
> > the version 4.3.6. So if this is really a security issue the
> > httpcomponents-client package in stable and oldstable is also affected.
> I do think so but I haven't checked yet and
> claim that it's not yet reproduced for httpcomponents-client 4.2.x
> that's why I didn't file a but for httpcomponents-client yet until
> this is investigated further.
I did look into the source code and it looks like that this was a
regression in 4.3.x. So only jessie is affected. squeeze, wheezy (and
likely sid) seem to be fine.
Coming back to commons-httpclient:
RedHat produced a patch here:
Part of https://bugzilla.redhat.com/show_bug.cgi?id=1259892
BTW, would it not be possible to get rid of commons-httpclient
if it has been obsoleted by httpcomponents-client ?
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
This is the maintainer address of Debian's Java team
debian-j...@lists.debian.org for discussions and questions.