-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 10 Mar 2015 18:51:51 +0100 Source: axis Binary: libaxis-java libaxis-java-gcj libaxis-java-doc Architecture: source all amd64 Version: 1.4-12+deb6u1 Distribution: squeeze-lts Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Holger Levsen <holger@debian.org> Description: libaxis-java - A SOAP implementation in Java libaxis-java-doc - A SOAP implementation in Java (documentation) libaxis-java-gcj - A SOAP implementation in Java (native code) Closes: 762444 Changes: axis (1.4-12+deb6u1) squeeze-lts; urgency=high . * Non-maintainer upload by the Squeeze LTS Team. . [ Markus Koschany ] * Add patch for CVE-2014-3596 (also addressing CVE-2012-5784) The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. (Closes: #762444) Checksums-Sha1: 5bafa07d396f802c104e40c1e78da04ee104c508 2146 axis_1.4-12+deb6u1.dsc bc72c19945ff8c11c7c7088bf3e575a5b61d7d5f 11714 axis_1.4-12+deb6u1.debian.tar.gz fda2ae7def6ba4e4999a159918a87f6824e8320a 1478904 libaxis-java_1.4-12+deb6u1_all.deb ef85a0d8804dbb8aa777f3ac50c39a8ac10e7bb9 2037654 libaxis-java-doc_1.4-12+deb6u1_all.deb f1b756baa0682d3e8789a1def5b8f46fedc9a893 1858248 libaxis-java-gcj_1.4-12+deb6u1_amd64.deb Checksums-Sha256: 61e7190a1b1006a87ac96c89316f0ba743e3748f894aba92e061988dcbb3d787 2146 axis_1.4-12+deb6u1.dsc d64f6543924eecaf8547171696fa424b3d682f494fb15e735cf7c8dd226391bf 11714 axis_1.4-12+deb6u1.debian.tar.gz 25df717676611c4e536ee5c284e8fd4e9b7e0d37d40c297896b053ce307aba07 1478904 libaxis-java_1.4-12+deb6u1_all.deb b51efb29810919b5824eb99c2176341648b27513c31fb86c8b21096316c84cc9 2037654 libaxis-java-doc_1.4-12+deb6u1_all.deb 6b3d45f2ecf6094e6f87eb647f5c5529bd7f5ca69bea5804c554977bb55eb0d2 1858248 libaxis-java-gcj_1.4-12+deb6u1_amd64.deb Files: c8336a36024a0abbb67aba3e302c88e5 2146 java optional axis_1.4-12+deb6u1.dsc 61b97af5dfdf920240ac56647534115c 11714 java optional axis_1.4-12+deb6u1.debian.tar.gz 18721033f2c06eadc57499a085e3834c 1478904 java optional libaxis-java_1.4-12+deb6u1_all.deb ba4614d21ceba16468209c461a0a5cff 2037654 doc optional libaxis-java-doc_1.4-12+deb6u1_all.deb d630e316124a82647884833a2f91dcfe 1858248 java optional libaxis-java-gcj_1.4-12+deb6u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIVAwUBVP81YQkauFYGmqocAQo3QRAAq9YnudiCmipq3ykhFx+ph8oHOcNyt6hi 9Dno+kbizZHaw7HOZGNwe17XYJql9L222TdoKZgoNfpQNTCCdd8ISj6yH6O95atf VEmsUM9G22zpkrPQhUt0FHSvuWq7cCJgYEzOOMT6dwGQ/uFiL+pDw7pX+jySmjX6 6ChjP3dtQ4qn+qdZxb+uV7IWi8W1FY2k/qotCwVZ1N07iSwPh1GMAtWITC0i1I0E WEjuxkx2olMBCeyFAo4sFMVDgYqUji7Scdowj1c2/oYvGI24UXaIs3j2Zz1eB+NU os04m1oRw92Cxk9QiunYTIREbPhNqmVxLNAmBBOM33KVT0hdljFbjCSILJTeMYtn zikXROO2D99xNqit+j13RbhNaGv+62PuCMK6AqBmfL2xWO+Z2vZThmmDUrzykcqE HViHQkW45AN0jZ78p8j8MsKkd6x8V4TQ56AVmpb20bx348YOh7o51aFx/V+0OFVg JPA2IvwUN5itETCsbmdAof8Aydl9ASrXVShZgwt908m62HEzrdlVcu3yzeT0MCLN TZj/KcBvXym7fXZmKtt9zPfm9GvmIOkQToLB1CWmXRMD1hqBlO0szKpJZF9YQjmN PS7SHfYeAPozt7Cb0xuCQgCSQVVJTWy7ASM/4YhTkc6Osp0UWOQyDIAkMXewidb3 FvRnjbQ/TM0= =cXfV -----END PGP SIGNATURE-----
