Format: 1.8
Date: Sat, 18 Apr 2015 14:15:11 +0200
Source: httpcomponents-client
Binary: libhttpclient-java libhttpmime-java
Architecture: source all
Version: 4.1.1-2+deb7u1
Distribution: wheezy
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@gambaru.de>
Description:
 libhttpclient-java - HTTP/1.1 compliant HTTP agent implementation
 libhttpmime-java - HTTP/1.1 compliant HTTP agent implementation - mime4j extension
Changes:
 httpcomponents-client (4.1.1-2+deb7u1) wheezy; urgency=high
 .
   * Team upload.
   * Add CVE-2012-6153.patch and CVE-2014-3577.patch.
     It was found that the fix for CVE-2012-5783 and CVE-2012-6153 was
     incomplete. The code added to check that the server hostname matches the
     domain name in the subject's CN field was flawed. This can be exploited by
     a Man-in-the-middle (MITM) attack where the attacker can spoof a valid
     certificate using a specially crafted subject.