Package: axis2c Severity: grave Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Hi, the following vulnerability was published for axis2c. CVE-2012-6107[0]: Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the x.509 certificate See also upstream bugtracker[1]. Unfortunately patches do not seem to be available yet. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://security-tracker.debian.org/tracker/CVE-2012-6107 [1] https://issues.apache.org/jira/browse/AXIS2C-1619 Please adjust the affected versions and severity in the BTS as needed. Regards, Salvatore -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJQ8SgIAAoJEHidbwV/2GP+iCoQAIaUq7mZTY5lWNktMfmAFjCr FHkyJd8RNOpuXXRZnzW7zxyONubafnmKQ8xxGFq3qZjyK7v3d/VZ8B0zw+NQq6l1 WZqJ+ibk3QCpV+UMjBKHYs4FCbbwxXzYiwP9VFRJORxjjnAJ6uaEBhWex7sEGsU/ DPSSMnisYN9ckwSYLt81BdOerHR9BwZxG7RtxL8ZPx3mtcsnTKlUiDtdcKxp30VN c7BAGAra57ktYiOhCX1JiyXjIExxMBDio43BTuOts6pGGKlHX7dwLSvL9/g408dD mYw+ocGRGVg2nLBKzVdKZgYRm7v+4lzzBMbBG0Grh5L4WXOwkQ+nuKeFGt7D1M1t qk65p7uiBqCEV+Vmj0cgtjSgCI5ZQE9QyArVfrF4Gfq8bz6LA5okhSwizTBi7LdG rIOYy+pZHiNhsJJkAtKY2u8UrdpTj6BaYsBX3OxVi1Kl5zrp9PRSVeSxMcqefn8E ppgPk0BoFBBdIRs4CmxRQcgXc9um0NxTee9vhLnYlQN/kiWpcAE2DaKUHmbg8WFe aXRSa6kWZpEN2NQrywfw9QY3owgQ0cS6ydegZBG4vmZPa4yIZEQatNF1ukTVdi8L 20ZcEZ8kD1LgfoyOkUeLatn8ShbB8g/eglVcAojjQh9I6NPmpfC9cRhYP0+BQnLi jyXvmJ1BdKRt/z4ul20M =JE3j -----END PGP SIGNATURE----- _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
