Hi.
Both patches attached at upstream JIRA and reopened HTTPCLIENT-1265.
Waiting for response.
Kind regards
Alberto
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Thanks Alberto! Could I ask that to finalize this, you attach both
revised patches to the upstream bugs (HTTPCLIENT-1265 and AXIS-2883) and
ask upstream to commit them?
Thanks again
David
On 12/07/2012 04:02 AM, Alberto Fernández wrote:
Hi
I've uploaded new packages to mentors. I'll be out
Hi All,
I've prepared the patch with the problem pointed by David fixed (thanks
David). It also fixes a bug related to wildcard certificates.
The first patch is backported from httpclient 4.0 and apache synapse.
This second patch backports some fixes from httpclient 4.2
The patch differ a lot
Hi Alberto,
thanks for your continuous work on this. As I said in my previous mail
please remember to reopen the according bugs to make sure the previous
solution will not migrate to testing. I'll volunteer to sponsor your
new version if you confirm that this is needed to finally fix the issue.
Hi,
On Thu, Dec 06, 2012 at 07:02:54PM +0100, Alberto Fernández wrote:
Hi
I've uploaded new packages to mentors. I'll be out until Monday, so feel
free to review the patches and sponsor the new version if all you are
confident it's all ok
I admit I'm no Java programmer and I do not feel
Hi
I've reopened the two bugs.
The first patch was incomplete, as pointed by David and by other bug
i've found reviewing the code.
The bug pointed by David can occur in some rare cases where the CA
issues malformed certificates. It's rare, but there are may CA...
The other bug it's about
Hi Alberto,
On Wed, Dec 05, 2012 at 06:01:51PM +0100, Alberto Fernández wrote:
I've uploaded the two packages to mentors.debian.net.
We must solve the two bugs at the same time because axis uses
commons-httpclient.
I guess you mean bug #692442, right?
Upstream seems End-of-life and
Hi Andreas
I've uploaded both packages to mentors.
commons-httpclient - bug #692442 CVE-2012-5783
axis - bug #692650 CVE-2012-5784
Since axis uses commons-httpclient, we need fix and upload both
packages.
Upstream has ignored axis patch, and rejected commons-httpclient patch.
Basically, they
Hi Andreas
I've uploaded both packages to mentors.
commons-httpclient - bug #692442 CVE-2012-5783
axis - bug #692650 CVE-2012-5784
Since axis uses commons-httpclient, we need fix and upload both
packages.
Upstream has ignored axis patch, and rejected commons-httpclient patch.
Hi All
The upstream patch for CVE-2012-5783 referred to in Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=873317#c3
Is the 4.x patch. As you've noted, there is no 3.x patch available and
upstream won't provide one because it is EOL. I think Alberto's patch
looks sane (from a
Hi,
thanks for the additional information. Please note that I uploaded the
NMUed packages yesterday. In case the just one small issue mentioned
by David below is serious above please reopen the bug report to prevent
migration to testing (I also filed unblock request bugs).
Kind regards
I've backported the routine to validate certificate name, and I've made
a patch (attached).
I'm not sure it's a good idea apply the patch, it can break programs
that connect with bad hostnames (ips, host in /etc/hostname, etc)
Would you mind getting your patches for these issues reviewed
Hi Mike,
I don't understand what you expect from me.
I've uploaded the patches to the BTS, I don't know what next steep is.
I suppose a maintainer would pick it from there.
If there's something I can do let me know.
Thanks,
Alberto
El jue, 22-11-2012 a las 04:00 -0500, Michael Gilbert
El jue, 22-11-2012 a las 04:00 -0500, Michael Gilbert escribió:
I've backported the routine to validate certificate name, and I've made
a patch (attached).
I'm not sure it's a good idea apply the patch, it can break programs
that connect with bad hostnames (ips, host in /etc/hostname,
14 matches
Mail list logo