Something went wrong with our publication process. You do not need to
modify your parsing scripts at this time.
Pat
On 09/09/2014 11:00 AM, Jake Edge wrote:
On Tue, 9 Sep 2014 10:56:27 -0500 Pat Riehecky wrote:
Sorry for the error.
You are correct, the Synopsis line should have read:
Synopsis: Important: jakarta-commons-httpclient security update
Thank you for the report.
In addition, the subject line is missing the "Security ERRATA" that
usually precedes the severity ... is that a long-term change or just
an oversight?
(this may sound like I am picking on minor changes, but we have
scripts that recognize and ingest the advisories, so we are sensitive
to any changes -- I am happy to change our scripts if needed, but I
just want to make sure it *is* needed)
thanks,
jake
On 09/09/2014 10:50 AM, Jake Edge wrote:
This advisory looks different than usual, and in fact looks wrong
(the subject is about jakarta-commons-httpclient but the synopsis
mentions thunderbird) ...
is this some new format for advisories? or is this just a mistake
that will be corrected soon?
thanks!
jake
On Mon, 8 Sep 2014 19:16:30 +0000 Pat Riehecky wrote:
Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2014:1166-1
Issue Date: 2014-09-08
CVE Numbers: CVE-2014-3577
--
It was discovered that the HTTPClient incorrectly extracted host
name from an X.509 certificate subject's Common Name (CN) field. A
man-in-the-middle attacker could use this flaw to spoof an SSL
server using a specially crafted X.509 certificate. (CVE-2014-3577)
--
SL5
x86_64
jakarta-commons-httpclient-debuginfo-3.0-7jpp.4.el5_10.x86_64.rpm
jakarta-commons-httpclient-demo-3.0-7jpp.4.el5_10.x86_64.rpm
jakarta-commons-httpclient-javadoc-3.0-7jpp.4.el5_10.x86_64.rpm
jakarta-commons-httpclient-manual-3.0-7jpp.4.el5_10.x86_64.rpm
i386
jakarta-commons-httpclient-3.0-7jpp.4.el5_10.i386.rpm
jakarta-commons-httpclient-debuginfo-3.0-7jpp.4.el5_10.i386.rpm
jakarta-commons-httpclient-demo-3.0-7jpp.4.el5_10.i386.rpm
jakarta-commons-httpclient-javadoc-3.0-7jpp.4.el5_10.i386.rpm
jakarta-commons-httpclient-manual-3.0-7jpp.4.el5_10.i386.rpm
SL6
x86_64
jakarta-commons-httpclient-3.1-0.9.el6_5.x86_64.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.9.el6_5.x86_64.rpm
jakarta-commons-httpclient-demo-3.1-0.9.el6_5.x86_64.rpm
jakarta-commons-httpclient-javadoc-3.1-0.9.el6_5.x86_64.rpm
jakarta-commons-httpclient-manual-3.1-0.9.el6_5.x86_64.rpm
i386
jakarta-commons-httpclient-3.1-0.9.el6_5.i686.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.9.el6_5.i686.rpm
jakarta-commons-httpclient-demo-3.1-0.9.el6_5.i686.rpm
jakarta-commons-httpclient-javadoc-3.1-0.9.el6_5.i686.rpm
jakarta-commons-httpclient-manual-3.1-0.9.el6_5.i686.rpm
- Scientific Linux Development Team
--
Pat Riehecky
Scientific Linux developer
http://www.scientificlinux.org/
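
The mismatch reported in this thread (a Synopsis naming thunderbird over a jakarta-commons-httpclient package list) is something an ingest script can detect before accepting an advisory. The following is an added example, not the scripts mentioned in the thread and not Scientific Linux tooling; the function names, the required-field list and the sub-package suffix list are assumptions drawn from the advisory layout quoted above.

```python
import re

# Constructed sample in the layout of the advisory quoted above (package list shortened).
SAMPLE = """\
Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2014:1166-1
Issue Date: 2014-09-08
CVE Numbers: CVE-2014-3577
--
SL6
x86_64
jakarta-commons-httpclient-3.1-0.9.el6_5.x86_64.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.9.el6_5.x86_64.rpm
"""

FIELDS = ("Synopsis", "Advisory ID", "Issue Date", "CVE Numbers")
HEADER = re.compile(r"^(%s):\s*(.*)$" % "|".join(FIELDS))
SYNOPSIS = re.compile(r"^(\w+):\s+(\S+)\s+security update$")
# name-version-release.arch.rpm: the name is everything before the last two '-' fields.
RPM = re.compile(r"^(.+)-[^-]+-[^-]+\.[^.]+\.rpm$")
SUBPKG = ("-debuginfo", "-demo", "-javadoc", "-manual")  # assumption: suffixes seen in this list


def parse_advisory(text):
    """Return (header fields, set of base package names found in the RPM list)."""
    fields, packages = {}, set()
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            fields[m.group(1)] = m.group(2)
        elif m := RPM.match(line):
            name = m.group(1)
            for suffix in SUBPKG:
                if name.endswith(suffix):
                    name = name[: -len(suffix)]
            packages.add(name)
    return fields, packages


def check_advisory(text):
    """Return a list of problems; an empty list means the advisory is self-consistent."""
    fields, packages = parse_advisory(text)
    problems = [f"missing field: {k}" for k in FIELDS if k not in fields]
    m = SYNOPSIS.match(fields.get("Synopsis", ""))
    if not m:
        problems.append("unrecognized Synopsis format")
    elif packages and m.group(2) not in packages:
        problems.append(f"Synopsis names {m.group(2)!r}, packages are {sorted(packages)}")
    return problems
```

An advisory that fails the check can be held for manual review rather than ingested under the wrong package name.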