Sorry for the error.

You are correct, the Synopsis line should have read:

Synopsis:          Important: jakarta-commons-httpclient security update

Thank you for the report.

Pat

On 09/09/2014 10:50 AM, Jake Edge wrote:
This advisory looks different than usual, and in fact looks wrong (the
subject is about jakarta-commons-httpclient but the synopsis mentions
thunderbird ...

is this some new format for advisories?  or is this just a mistake that
will be corrected soon?

thanks!

jake

On Mon, 8 Sep 2014 19:16:30 +0000 Pat Riehecky wrote:
Synopsis:          Important: thunderbird security update
Advisory ID:       SLSA-2014:1166-1
Issue Date:        2014-09-08
CVE Numbers:       CVE-2014-3577
--

It was discovered that the HTTPClient incorrectly extracted host name from
an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3577)
--

SL5
   x86_64
     jakarta-commons-httpclient-debuginfo-3.0-7jpp.4.el5_10.x86_64.rpm
     jakarta-commons-httpclient-demo-3.0-7jpp.4.el5_10.x86_64.rpm
     jakarta-commons-httpclient-javadoc-3.0-7jpp.4.el5_10.x86_64.rpm
     jakarta-commons-httpclient-manual-3.0-7jpp.4.el5_10.x86_64.rpm
   i386
     jakarta-commons-httpclient-3.0-7jpp.4.el5_10.i386.rpm
     jakarta-commons-httpclient-debuginfo-3.0-7jpp.4.el5_10.i386.rpm
     jakarta-commons-httpclient-demo-3.0-7jpp.4.el5_10.i386.rpm
     jakarta-commons-httpclient-javadoc-3.0-7jpp.4.el5_10.i386.rpm
     jakarta-commons-httpclient-manual-3.0-7jpp.4.el5_10.i386.rpm
SL6
   x86_64
     jakarta-commons-httpclient-3.1-0.9.el6_5.x86_64.rpm
     jakarta-commons-httpclient-debuginfo-3.1-0.9.el6_5.x86_64.rpm
     jakarta-commons-httpclient-demo-3.1-0.9.el6_5.x86_64.rpm
     jakarta-commons-httpclient-javadoc-3.1-0.9.el6_5.x86_64.rpm
     jakarta-commons-httpclient-manual-3.1-0.9.el6_5.x86_64.rpm
   i386
     jakarta-commons-httpclient-3.1-0.9.el6_5.i686.rpm
     jakarta-commons-httpclient-debuginfo-3.1-0.9.el6_5.i686.rpm
     jakarta-commons-httpclient-demo-3.1-0.9.el6_5.i686.rpm
     jakarta-commons-httpclient-javadoc-3.1-0.9.el6_5.i686.rpm
     jakarta-commons-httpclient-manual-3.1-0.9.el6_5.i686.rpm

- Scientific Linux Development Team




--
Pat Riehecky

Scientific Linux developer
http://www.scientificlinux.org/
