-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Apr 2015 21:24:48 +0200
Source: commons-httpclient
Binary: libcommons-httpclient-java libcommons-httpclient-java-doc
Architecture: source all
Version: 3.1-10.2+deb7u1
Distribution: wheezy
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@gambaru.de>
Description:
 libcommons-httpclient-java - A Java(TM) library for creating HTTP clients
 libcommons-httpclient-java-doc - Documentation for libcommons-httpclient-java
Closes: 758086
Changes:
 commons-httpclient (3.1-10.2+deb7u1) wheezy; urgency=high
 .
   * Team upload.
   * Add CVE-2014-3577.patch. (Closes: #758086)
     It was found that the fix for CVE-2012-6153 was incomplete: the code added
     to check that the server hostname matches the domain name in a subject's
     Common Name (CN) field in X.509 certificates was flawed. A
     man-in-the-middle attacker could use this flaw to spoof an SSL server using
     a specially crafted X.509 certificate. The fix for CVE-2012-6153 was
     intended to address the incomplete patch for CVE-2012-5783. The issue is
     now completely resolved by applying this patch and the
     06_fix_CVE-2012-5783.patch.
   * Change java.source and java.target ant properties to 1.5, otherwise
     commons-httpclient will not compile with this patch.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----