httpcomponents-client (4.3.3-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: It was found that the fix for CVE-2012-5783
and CVE-2012-6153 was incomplete. The code added to check that
the server hostname matches the domain name in the subject's CN
field was flawed. This can be exploited by a Man-in-the-middle
(MITM) attack where the attacker can spoof a valid certificate
using a specially crafted subject.
- debian/patches/CVE-2014-3577.patch: fix in AbstractVerifier.java
- CVE-2014-3577
Date: 2018-08-13 20:52:11.981641+00:00
Changed-By: Eduardo dos Santos Barretto <[email protected]>
Signed-By: Ubuntu Archive Robot
<[email protected]>
https://launchpad.net/ubuntu/+source/httpcomponents-client/4.3.3-1ubuntu0.1
Sorry, changesfile not available.
--
Trusty-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/trusty-changes
