~ubuntu-branches/ubuntu/precise/commons-httpclient/precise-security

Viewing all changes in revision 11.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-10-01 09:05:17 UTC
  • Revision ID: package-import@ubuntu.com-20151001090517-2tqysjv85kq8n2l7
Tags: 3.1-10ubuntu0.1
* SECURITY UPDATE: improper certificate hostname verification
  - debian/patches/06_fix_CVE-2012-5783.patch: fix CN extraction and
    wildcard verification in
    src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java.
  - debian/patches/CVE-2014-3577.patch: fix Common Name logic in
    src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java.
  - CVE-2012-5783
  - CVE-2012-6153
  - CVE-2014-3577
* SECURITY UPDATE: denial of service via failure to set socket timeout
  - debian/patches/CVE-2015-5262.patch: respect configured timeout in
    src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java.
  - CVE-2015-5262
* debian/ant.properties: bump version to 1.5 to handle security fixes.
