Control: tag -1 + security patch
(this is not about commons-httpclient but about httpcomponents-client)
On Fri, 11 Sep 2015, Guido Günther wrote:
> > Note that according to HTTPCLIENT-1478 [1] this was completely fixed in
> > the version 4.3.6. So if this is really a security issue the
> >
Processing control commands:
> tag -1 + security patch
Bug #798650 [src:commons-httpclient] CVE-2015-5262: https calls ignore
http.socket.timeout during SSL Handshake
Added tag(s) patch and security.
--
798650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798650
Debian Bug Tracking System
Source: commons-httpclient
Version: 3.1-11
Severity: important
Please see https://bugzilla.redhat.com/show_bug.cgi?id=1259892
Cheers,
-- Guido
-- System Information:
Debian Release: 8.1
APT prefers stable
APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable'),
(500,
Hi,
On Fri, Sep 11, 2015 at 04:20:42PM +0200, Emmanuel Bourg wrote:
> Le 11/09/2015 15:12, Guido Günther a écrit :
>
> > Please see https://bugzilla.redhat.com/show_bug.cgi?id=1259892
>
> Thank you for the report Guido. A hanging connection is certainly
> annoying but I fail to understand why
Le 11/09/2015 15:12, Guido Günther a écrit :
> Please see https://bugzilla.redhat.com/show_bug.cgi?id=1259892
Thank you for the report Guido. A hanging connection is certainly
annoying but I fail to understand why it's flagged as a security
vulnerability.
Note that according to HTTPCLIENT-1478
5 matches
Mail list logo