-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 25 Sep 2014 19:45:08 +0000
Source: axis
Binary: libaxis-java libaxis-java-doc
Architecture: source all
Version: 1.4-21
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@gambaru.de>
Description:
 libaxis-java - SOAP implementation in Java
 libaxis-java-doc - SOAP implementation in Java (documentation)
Closes: 762444
Changes:
 axis (1.4-21) unstable; urgency=high
 .
   * Team upload.
   * Fix CVE-2014-3596.
     - Replace 06-fix-CVE-2012-5784.patch with CVE-2014-3596.patch which fixes
       both CVE issues. Thanks to Raphael Hertzog for the report.
     - The getCN function in Apache Axis 1.4 and earlier does not properly
       verify that the server hostname matches a domain name in the subject's
       Common Name (CN) or subjectAltName field of the X.509 certificate,
       which allows man-in-the-middle attackers to spoof SSL servers via a
       certificate with a subject that specifies a common name in a field
       that is not the CN field. NOTE: this issue exists because of an
       incomplete fix for CVE-2012-5784.
     - (Closes: #762444)
   * Declare compliance with Debian Policy 3.9.6.
   * Use compat level 9 and require debhelper >=9.
   * Use canonical VCS fields.