Author: apo-guest Date: 2015-04-16 09:52:24 +0000 (Thu, 16 Apr 2015) New Revision: 18665
Modified: trunk/commons-httpclient/debian/ant.properties trunk/commons-httpclient/debian/changelog trunk/commons-httpclient/debian/patches/series Log: Merge release 3.1-11 into trunk Modified: trunk/commons-httpclient/debian/ant.properties =================================================================== --- trunk/commons-httpclient/debian/ant.properties 2015-03-31 13:47:44 UTC (rev 18664) +++ trunk/commons-httpclient/debian/ant.properties 2015-04-16 09:52:24 UTC (rev 18665) @@ -1,5 +1,5 @@ # JSSE stub classes required for build lib.dir=/usr/share/java #jsse.jar=/usr/share/java/jsse.jar -ant.build.javac.source=1.4 -ant.build.javac.target=1.4 +ant.build.javac.source=1.5 +ant.build.javac.target=1.5 Modified: trunk/commons-httpclient/debian/changelog =================================================================== --- trunk/commons-httpclient/debian/changelog 2015-03-31 13:47:44 UTC (rev 18664) +++ trunk/commons-httpclient/debian/changelog 2015-04-16 09:52:24 UTC (rev 18665) @@ -1,4 +1,4 @@ -commons-httpclient (3.1-11) UNRELEASED; urgency=medium +commons-httpclient (3.1-12) UNRELEASED; urgency=medium [ Kumar Appaiah ] * debian/control: @@ -15,6 +15,24 @@ -- Kumar Appaiah <[email protected]> Sat, 29 Mar 2014 15:40:00 -0400 +commons-httpclient (3.1-11) unstable; urgency=high + + * Team upload. + * Add CVE-2014-3577.patch. (Closes: #758086) + It was found that the fix for CVE-2012-6153 was incomplete: the code added + to check that the server hostname matches the domain name in a subject's + Common Name (CN) field in X.509 certificates was flawed. A + man-in-the-middle attacker could use this flaw to spoof an SSL server using + a specially crafted X.509 certificate. The fix for CVE-2012-6153 was + intended to address the incomplete patch for CVE-2012-5783. The issue is + now completely resolved by applying this patch and the + 06_fix_CVE-2012-5783.patch. + * Change java.source and java.target ant properties to 1.5, otherwise + commons-httpclient will not compile with this patch. + + -- Markus Koschany <[email protected]> Mon, 23 Mar 2015 22:57:54 +0100 + + commons-httpclient (3.1-10.2) unstable; urgency=low * Non-maintainer upload. Modified: trunk/commons-httpclient/debian/patches/series =================================================================== --- trunk/commons-httpclient/debian/patches/series 2015-03-31 13:47:44 UTC (rev 18664) +++ trunk/commons-httpclient/debian/patches/series 2015-04-16 09:52:24 UTC (rev 18665) @@ -5,3 +5,4 @@ 04_fix_classpath.patch 05_osgi_metadata 06_fix_CVE-2012-5783.patch +CVE-2014-3577.patch _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
