Hi All,
I've prepared the patch with the problem pointed out by David fixed (thanks
David). It also fixes a bug related to wildcard certificates.
The first patch is backported from httpclient 4.0 and apache synapse.
This second patch backports some fixes from httpclient 4.2
The patch differ a lot
Hi Alberto,
thanks for your continuous work on this. As I said in my previous mail
please remember to reopen the according bugs to make sure the previous
solution will not migrate to testing. I'll volunteer to sponsor your
new version if you confirm that this is needed to finally fix the issue.
Hi
I've uploaded new packages to mentors. I'll be out until Monday, so feel
free to review the patches and sponsor the new version if you are all
confident it's all ok
I think now it's fine, but if you find some other bug or improvement,
I'll be happy to correct it.
I'll insist next week
Hi,
On Thu, Dec 06, 2012 at 07:02:54PM +0100, Alberto Fernández wrote:
Hi
I've uploaded new packages to mentors. I'll be out until Monday, so feel
free to review the patches and sponsor the new version if you are all
confident it's all ok
I admit I'm no Java programmer and I do not feel
Hi
I've reopened the two bugs.
The first patch was incomplete, as pointed out by David and by another bug
I've found reviewing the code.
The bug pointed out by David can occur in some rare cases where the CA
issues malformed certificates. It's rare, but there are many CA...
The other bug it's about
Hi,
seems the package is ready for an upload. Any reason why this is not
done? I could sponsor an upload or NMU if this would help.
Kind regards
Andreas.
--
http://fam-tille.de
Hi,
I've uploaded the two packages to mentors.debian.net.
We must solve the two bugs at the same time because axis uses
commons-httpclient.
Upstream seems End-of-life and rejected the patches.
On Wed, 05-12-2012 at 16:43 +0100, Andreas Tille wrote:
Hi,
seems the package is ready for
Hi Alberto,
On Wed, Dec 05, 2012 at 06:01:51PM +0100, Alberto Fernández wrote:
I've uploaded the two packages to mentors.debian.net.
We must solve the two bugs at the same time because axis uses
commons-httpclient.
I guess you mean bug #692442, right?
Upstream seems End-of-life and
Hi Andreas
I've uploaded both packages to mentors.
commons-httpclient - bug #692442 CVE-2012-5783
axis - bug #692650 CVE-2012-5784
Since axis uses commons-httpclient, we need to fix and upload both
packages.
Upstream has ignored axis patch, and rejected commons-httpclient patch.
Basically, they
Hi All
The upstream patch for CVE-2012-5783 referred to in Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=873317#c3
Is the 4.x patch. As you've noted, there is no 3.x patch available and
upstream won't provide one because it is EOL. I think Alberto's patch
looks sane (from a
Hi,
thanks for the additional information. Please note that I uploaded the
NMUed packages yesterday. In case the just one small issue mentioned
by David below is serious above please reopen the bug report to prevent
migration to testing (I also filed unblock request bugs).
Kind regards
I've backported the routine to validate certificate name, and I've made
a patch (attached).
I'm not sure it's a good idea to apply the patch, it can break programs
that connect with bad hostnames (IPs, host in /etc/hostname, etc)
Would you mind getting your patches for these issues reviewed
Hi Mike,
I don't understand what you expect from me.
I've uploaded the patches to the BTS, I don't know what the next step is.
I suppose a maintainer would pick it from there.
If there's something I can do let me know.
Thanks,
Alberto
On Thu, 22-11-2012 at 04:00 -0500, Michael Gilbert
On Thu, 22-11-2012 at 04:00 -0500, Michael Gilbert wrote:
I've backported the routine to validate certificate name, and I've made
a patch (attached).
I'm not sure it's a good idea to apply the patch, it can break programs
that connect with bad hostnames (IPs, host in /etc/hostname,