Package: commons-httpclient
Severity: important
Tags: security
Please see Section 7.5 of this paper:
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
This has been assigned CVE-2012-5783. I'm not sure if we can backport more
correct certificate validation to 3.x, but independent of that it might
make sense to introduce the 4.x codebase to the archive?
Cheers,
Moritz
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
debian-j...@lists.debian.org for discussions and questions.
