Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-11 Thread Alberto Fernández
Hi. Both patches attached at upstream JIRA and reopened HTTPCLIENT-1265. Waiting for response. Kind regards Alberto __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-09 Thread David Jorm
Thanks Alberto! Could I ask that to finalize this, you attach both revised patches to the upstream bugs (HTTPCLIENT-1265 and AXIS-2883) and ask upstream to commit them? Thanks again David On 12/07/2012 04:02 AM, Alberto Fernández wrote: Hi I've uploaded new packages to mentors. I'll be out

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-06 Thread Alberto Fernández
Hi All, I've prepared the patch with the problem pointed out by David fixed (thanks David). It also fixes a bug related to wildcard certificates. The first patch is backported from httpclient 4.0 and apache synapse. This second patch backports some fixes from httpclient 4.2. The patch differs a lot

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-06 Thread Andreas Tille
Hi Alberto, thanks for your continuous work on this. As I said in my previous mail please remember to reopen the according bugs to make sure the previous solution will not migrate to testing. I'll volunteer to sponsor your new version if you confirm that this is needed to finally fix the issue.

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-06 Thread Andreas Tille
Hi, On Thu, Dec 06, 2012 at 07:02:54PM +0100, Alberto Fernández wrote: Hi I've uploaded new packages to mentors. I'll be out until Monday, so feel free to review the patches and sponsor the new version if you are all confident it's all ok I admit I'm no Java programmer and I do not feel

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-05 Thread Andreas Tille
Hi Alberto, On Wed, Dec 05, 2012 at 06:01:51PM +0100, Alberto Fernández wrote: I've uploaded the two packages to mentors.debian.net. We must solve the two bugs at the same time because axis uses commons-httpclient. I guess you mean bug #692442, right? Upstream seems end-of-life and

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-05 Thread Alberto Fernández
Hi Andreas I've uploaded both packages to mentors. commons-httpclient - bug #692442 CVE-2012-5783 axis - bug #692650 CVE-2012-5784 Since axis uses commons-httpclient, we need to fix and upload both packages. Upstream has ignored the axis patch, and rejected the commons-httpclient patch. Basically, they

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-12-05 Thread Michael Gilbert
Hi Andreas I've uploaded both packages to mentors. commons-httpclient - bug #692442 CVE-2012-5783 axis - bug #692650 CVE-2012-5784 Since axis uses commons-httpclient, we need to fix and upload both packages. Upstream has ignored the axis patch, and rejected the commons-httpclient patch.

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-11-22 Thread Michael Gilbert
I've backported the routine to validate the certificate name, and I've made a patch (attached). I'm not sure it's a good idea to apply the patch, it can break programs that connect with bad hostnames (ips, host in /etc/hostname, etc) Would you mind getting your patches for these issues reviewed

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-11-22 Thread Alberto Fernández
Hi Mike, I don't understand what you expect from me. I've uploaded the patches to the BTS, I don't know what the next step is. I suppose a maintainer would pick it from there. If there's something I can do let me know. Thanks, Alberto On Thu, 22-11-2012 at 04:00 -0500, Michael Gilbert

Bug#692442: Patches for CVE-2012-5783 and CVE-2012-5784

2012-11-22 Thread Alberto Fernández
On Thu, 22-11-2012 at 04:00 -0500, Michael Gilbert wrote: I've backported the routine to validate the certificate name, and I've made a patch (attached). I'm not sure it's a good idea to apply the patch, it can break programs that connect with bad hostnames (ips, host in /etc/hostname,