Hi Andrew, On Tue, Apr 10, 2018 at 2:04 PM, Danis, Andrew (CONTR) < andrew.da...@hq.doe.gov> wrote:
> Good Afternoon Spacewalk Team, > > Regarding these packages: > > jakarta-oro-2.0.8-16.el7.noarch > jakarta-commons-httpclient-3.1-16.el7_0.noarch > > Are these being supported with security patches by red hat? I see fixes as > of 2013/2014 for CVE-2014-3577 and 2013-1571 but according to the Jakarta > project page it has been EOL since 2010. > Looking at the specfile changelogs, jakarta-oro fixed 2013-1571 in 0:2.0.8-14 : === * Fri Jun 28 2013 Mikolaj Izdebski <mizde...@redhat.com> - 0:2.0.8-14 - Rebuild to regenerate API documentation - Resolves: CVE-2013-1571 === and jakarta-commons-httpclient was released specifically to address CVE-2014-3577 : === * Tue Aug 12 2014 Michal Srb <m...@redhat.com> - 1:3.1-16 - Fix MITM security vulnerability - Resolves: CVE-2014-3577 === G -- Grant Gainey Principal Software Engineer, Red Hat Satellite
_______________________________________________ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel