Debian Package Tracker - async-http-client

A new upstream version is available: project-2.1.0-alpha20

high

A new upstream version project-2.1.0-alpha20 is available, you should consider packaging it.

Created: 2017-01-17 Last update: 2017-06-22 07:27

Does not build reproducibly during testing

normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2016-04-06 Last update: 2017-06-22 07:34

lintian reports 1 warning

normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2016-09-13 Last update: 2016-09-13 06:45

1 ignored security issue in wheezy

low

There is 1 open security issue in wheezy.

1 issue skipped by the security teams:

CVE-2013-7397: Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates.

Please fix it.

Created: 2015-07-12 Last update: 2017-06-18 08:29