Your message dated Thu, 06 Dec 2012 11:50:21 +0000
with message-id <e1tgzy9-0003te...@franck.debian.org>
and subject line Bug#692442: fixed in commons-httpclient 3.1-10.1
has caused the Debian Bug report #692442,
regarding CVE-2012-5783: Insecure certificate validation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
692442: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692442
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: commons-httpclient
Severity: important
Tags: security

Please see Section 7.5 of this paper:
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

This has been assigned CVE-2012-5783. I'm not sure if we can backport more
correct certificate validation to 3.x, but independent of that it might
make sense to introduce the 4.x codebase to the archive?

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: commons-httpclient
Source-Version: 3.1-10.1

We believe that the bug you reported is fixed in the latest version of
commons-httpclient, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 692...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alberto Fernández Martínez <inf...@gmail.com> (supplier of updated commons-httpclient package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 5 Dec 2012 17:28:00 +0100
Source: commons-httpclient
Binary: libcommons-httpclient-java libcommons-httpclient-java-doc
Architecture: source all
Version: 3.1-10.1
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Alberto Fernández Martínez <inf...@gmail.com>
Description: 
 libcommons-httpclient-java - A Java(TM) library for creating HTTP clients
 libcommons-httpclient-java-doc - Documentation for libcommons-httpclient-java
Closes: 692442
Changes: 
 commons-httpclient (3.1-10.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Fix CVE-2012-5783 (Closes: #692442)


--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use debian-j...@lists.debian.org for discussions and questions.
