Bug#692442: patch

2012-11-17 Thread Alberto Fernández
Hi, I've backported the routine to validate certificate name, and I've made a patch (attached). I'm not sure it's a good idea to apply the patch, it can break programs that connect with "bad" hostnames (IPs, host in /etc/hostname, etc) Description: Validates the hostname requested is the same in the

Bug#692650: patch

2012-11-17 Thread Alberto Fernández
Hi, I've made a patch (attached). It's basically the same patch I've submitted to commons-httpclient (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692442 ). This patch is tested in commons-httpclient but untested in axis (sorry) Description: Validates the hostname requested is the same in the

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-11-22 Thread Alberto Fernández
Hi Mike, I don't understand what you expect from me. I've uploaded the patches to the BTS, I don't know what the next step is. I suppose a maintainer would pick it from there. If there's something I can do let me know. Thanks, Alberto On Thu, 22-11-2012 at 04:00 -0500, Michael Gilbert wrote:

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-11-22 Thread Alberto Fernández
On Thu, 22-11-2012 at 04:00 -0500, Michael Gilbert wrote: > > I've backported the routine to validate certificate name, and I've made > > a patch (attached). > > > > I'm not sure it's a good idea to apply the patch, it can break programs > > that connect with "bad" hostnames (IPs, host in /etc/

Bug#692442: patch upstream

2012-11-22 Thread Alberto Fernández
Here is the patch posted to upstream: https://issues.apache.org/jira/browse/HTTPCLIENT-1265 __ This is the maintainer address of Debian's Java team . Please use debian-j...@lists.debian.org for discussions and question

Bug#692650: patch

2012-11-22 Thread Alberto Fernández
patch posted upstream: https://issues.apache.org/jira/browse/AXIS-2883

Bug#692650: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-05 Thread Alberto Fernández
Hi, I've uploaded the two packages to mentors.debian.net. We must solve the two bugs at the same time because axis uses commons-httpclient. Upstream seems End-of-life and rejected the patches. On Wed, 05-12-2012 at 16:43 +0100, Andreas Tille wrote: > Hi, > > seems the package is ready fo

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-05 Thread Alberto Fernández
-12-2012 at 21:51 +0100, Andreas Tille wrote: > Hi Alberto, > > On Wed, Dec 05, 2012 at 06:01:51PM +0100, Alberto Fernández wrote: > > I've uploaded the two packages to mentors.debian.net. > > > > We must solve the two bugs at the same time because axis uses

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-06 Thread Alberto Fernández
Hi All, I've prepared the patch with the problem pointed by David fixed (thanks David). It also fixes a bug related to wildcard certificates. The first patch is backported from httpclient 4.0 and apache synapse. This second patch backports some fixes from httpclient 4.2 The patch differ a lot

Bug#692442: new patch for commons-httpclient CVE-2012-5783 (full patch)

2012-12-06 Thread Alberto Fernández
Description: Fixed CN extraction from DN of X500 principal and wildcard validation commons-httpclient (3.1-10.2) unstable; urgency=low * Fixed CN extraction from DN of X500 principal and wildcard validation Author: Alberto Fernández Martínez Origin: other Bug-Debian: http://bugs.debia

Bug#692650: patch for axis CVE-2012-5784 (full patch)

2012-12-06 Thread Alberto Fernández
Description: Fixed CN extraction from DN of X500 principal and wildcard validation axis (1.4-16.2) unstable; urgency=low * Fixed CN extraction from DN of X500 principal and wildcard validation Author: Alberto Fernández Martínez Origin: other Bug-Debian: http://bugs.debian.org/692650 Fo

Bug#692650: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-06 Thread Alberto Fernández
ous > solution will not migrate to testing. I'll volunteer to sponsor your > new version if you confirm that this is needed to finally fix the issue. > > Kind regards > > Andreas. > > On Thu, Dec 06, 2012 at 01:49:07PM +0100, Alberto Fernández wrote: > > Hi

Bug#692650: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-06 Thread Alberto Fernández
Hi, I've reopened the two bugs. The first patch was incomplete, as pointed by David and by other bug I've found reviewing the code. The bug pointed by David can occur in some rare cases where the CA issues malformed certificates. It's rare, but there are many CA... The other bug it's about wildc

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-11 Thread Alberto Fernández
Hi. Both patches attached at upstream JIRA and reopened HTTPCLIENT-1265. Waiting for response. Kind regards Alberto

Bug#687692: examples

2012-12-11 Thread Alberto Fernández
Hi Tobias, Here's a testcase. In sid it works fine, but if I use the jars provided in testing it fails. Important: the pdf file is "protected", so bouncycastle is necessary to decrypt it. Normal pdf files don't fail because they don't need bouncycastle. Attached sample pdf and sample java that

Bug#687692: testcase bug 687692

2012-12-11 Thread Alberto Fernández
Hi Tobias and Niels, I've uploaded to the BTS a testcase for the bug. It's a protected pdf sample file and a simple java program that counts the number of pages of a PDF. It works fine in sid and fails in testing. Greetings Alberto

Bug#692442: patch applied to commons-httpclient upstream

2012-12-16 Thread Alberto Fernández
Hi, The patch is applied upstream: http://svn.apache.org/viewvc?view=revision&revision=1422573 http://svn.apache.org/repos/asf/httpcomponents/oac.hc3x/trunk Kind Regards Alberto

Bug#603284: Patch proposed

2015-01-25 Thread Alberto Fernández
Hi, I've developed a patch to make iText not modify metadata on PdfStamperImp.java unless explicitly instructed. Patch attached --- a/core/com/lowagie/text/pdf/PdfStamperImp.java +++ b/core/com/lowagie/text/pdf/PdfStamperImp.java @@ -234,24 +234,9 @@ altMetadata = xmpMetadata;