Bug#758086: CVE-2012-6153: Apache HttpComponents client: Hostname verification susceptible to MITM attack

On Mon, Dec 29, 2014 at 10:25:24PM +0100, Moritz Mühlenhoff wrote: On Mon, Sep 22, 2014 at 03:56:00PM +0200, Raphael Hertzog wrote: Hi, On Mon, 18 Aug 2014, Salvatore Bonaccorso wrote: On Thu, Aug 14, 2014 at 11:43:32PM +0200, Emmanuel Bourg wrote: Is there an example available

Bug#758086: CVE-2012-6153: Apache HttpComponents client: Hostname verification susceptible to MITM attack

Le 23/03/2015 16:43, Moritz Muehlenhoff a écrit : *ping*, the release is getting closer. I'm still missing a test case to ensure the patch does indeed address the issue. Emmanuel Bourg __ This is the maintainer address of Debian's Java team

Bug#758086: CVE-2012-6153: Apache HttpComponents client: Hostname verification susceptible to MITM attack

On 23.03.2015 17:04, Emmanuel Bourg wrote: Le 23/03/2015 16:43, Moritz Muehlenhoff a écrit : *ping*, the release is getting closer. I'm still missing a test case to ensure the patch does indeed address the issue. Hi, a way to reproduce this issue was mentioned by upstream here:

Bug#781063: commons-httpclient: should be removed from Debian during the Stretch release cycle

Source: commons-httpclient Version: 3.1-10.2 Severity: important Quoting https://hc.apache.org/httpclient-3.x/ The Commons HttpClient project is now end of life, and is no longer being developed. It has been replaced by the Apache HttpComponents project in its HttpClient and HttpCore modules,

Processed: Re: Bug#758086: CVE-2012-6153: Apache HttpComponents client: Hostname verification susceptible to MITM attack

Processing control commands: severity -1 serious Bug #758086 [commons-httpclient] CVE-2012-6153: Apache HttpComponents client: Hostname verification susceptible to MITM attack Severity set to 'serious' from 'important' tags -1 patch Bug #758086 [commons-httpclient] CVE-2012-6153: Apache