On Apr/15, Markus Koschany wrote:
> I have prepared a patch for CVE-2014-3577 (commons-httpclient). [1] The
> patch is identical to the Jessie / Sid fix. Do you consider this
> vulnerability important enough for a DSA or do you prefer a point
> release update?
Hi Markus,
this issue was marked "no
Hello security team,
I have prepared a patch for CVE-2014-3577 (commons-httpclient). [1] The
patch is identical to the Jessie / Sid fix. Do you consider this
vulnerability important enough for a DSA or do you prefer a point
release update?
Regards,
Markus
[1] https://bugs.debian.org/758086
Hi,
Since the last maintainer upload was well over three years ago and there have
been several unacknowledged NMUs since then, I've taken the liberty to upload
Markus' good work as-is to unstable to fix this security issue for jessie.
Cheers,
Thijs
Processing commands for cont...@bugs.debian.org:
> retitle 758086 CVE-2014-3577 Apache HttpComponents hostname verification
> bypass
Bug #758086 [commons-httpclient] CVE-2012-6153: Apache HttpComponents client:
Hostname verification susceptible to MITM attack
Changed Bug title to 'CVE-2014-3577
Some more information about this issue. TL;DR this is actually
CVE-2014-3577. Debian's package is not affected by CVE-2012-6153.
I recommend fixing this bug by applying the debdiff from my last e-mail.
We currently apply the 06_fix_CVE-2012-5783.patch [1]. Now I am sure
that this patch fixes two C