Hi Oleg, Thanks. That answered my question. regards, aki 2015-11-05 16:13 GMT+01:00 Oleg Kalnichevski <ol...@apache.org>: > On Thu, 2015-11-05 at 13:12 +0100, Aki Yoshida wrote: >> Hi, >> I have a question about CVE-2015-5262 [1] which talks about an issue >> regarding Httpclient before version 4.3.6. The referred jira ticket >> HTTPCLIENT-1478 [2] from there mentions that this issue has been fixed >> in 4.3.4. >> >> >> Could someone clarify the situation? Is there indeed an issue with >> 4.3.4 and 4.3.5 which is for security reasons not publicly linked from >> the above CVE or if there is an error in either of the documents? >> > > No, there is not. HTTPCLIENT-1478 affected deprecated code only. It did > not affect productive code to start with. CVE-2015-5262 should have > never been raised in the first place but some people think being > credited as a reporter of CVE entry is cool. > > Oleg > >> Regards, Aki >> [1] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262 >> [2] https://issues.apache.org/jira/browse/HTTPCLIENT-1478 >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org >> For additional commands, e-mail: httpclient-users-h...@hc.apache.org >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org >
--------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
