-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 02 Oct 2014 22:13:16 +0200
Source: axis
Binary: libaxis-java libaxis-java-doc
Architecture: source all
Version: 1.4-16.2+deb7u1
Distribution: stable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@gambaru.de>
Description:
 libaxis-java - SOAP implementation in Java
 libaxis-java-doc - SOAP implementation in Java (documentation)
Changes:
 axis (1.4-16.2+deb7u1) stable; urgency=high
 .
   * Team upload.
   * Fix CVE-2014-3596.
     - Replace 06-fix-CVE-2012-5784.patch with CVE-2014-3596.patch which fixes
       both CVE issues. Thanks to Raphael Hertzog for the report.
     - The getCN function in Apache Axis 1.4 and earlier does not properly
       verify that the server hostname matches a domain name in the subject's
       Common Name (CN) or subjectAltName field of the X.509 certificate, which
       allows man-in-the-middle attackers to spoof SSL servers via a certificate
       with a subject that specifies a common name in a field that is not the
       CN field. NOTE: this issue exists because of an incomplete fix for
       CVE-2012-5784.