[pkg-java] r18665 - in trunk/commons-httpclient/debian: . patches
Markus Koschany
apo-guest at moszumanska.debian.org
Thu Apr 16 09:52:24 UTC 2015
Author: apo-guest
Date: 2015-04-16 09:52:24 +0000 (Thu, 16 Apr 2015)
New Revision: 18665
Modified:
trunk/commons-httpclient/debian/ant.properties
trunk/commons-httpclient/debian/changelog
trunk/commons-httpclient/debian/patches/series
Log:
Merge release 3.1-11 into trunk
Modified: trunk/commons-httpclient/debian/ant.properties
===================================================================
--- trunk/commons-httpclient/debian/ant.properties 2015-03-31 13:47:44 UTC (rev 18664)
+++ trunk/commons-httpclient/debian/ant.properties 2015-04-16 09:52:24 UTC (rev 18665)
@@ -1,5 +1,5 @@
# JSSE stub classes required for build
lib.dir=/usr/share/java
#jsse.jar=/usr/share/java/jsse.jar
-ant.build.javac.source=1.4
-ant.build.javac.target=1.4
+ant.build.javac.source=1.5
+ant.build.javac.target=1.5
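Review bot: the bump from 1.4 to 1.5 on the two ant.build.javac.* lines has no explanation in ant.properties itself; the reason appears only in debian/changelog. Add a comment above them stating that CVE-2014-3577.patch does not compile at level 1.4, so the setting is not reverted by accident when the file is next cleaned up.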
Modified: trunk/commons-httpclient/debian/changelog
===================================================================
--- trunk/commons-httpclient/debian/changelog 2015-03-31 13:47:44 UTC (rev 18664)
+++ trunk/commons-httpclient/debian/changelog 2015-04-16 09:52:24 UTC (rev 18665)
@@ -1,4 +1,4 @@
-commons-httpclient (3.1-11) UNRELEASED; urgency=medium
+commons-httpclient (3.1-12) UNRELEASED; urgency=medium
[ Kumar Appaiah ]
* debian/control:
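Review bot: renumbering the top entry to 3.1-12 leaves its trailer untouched. The trailer, visible as context in the next hunk, is still dated Sat, 29 Mar 2014, which is older than the 3.1-11 entry (Mon, 23 Mar 2015) that now sits below it. Refresh the trailer before 3.1-12 leaves UNRELEASED so the changelog stays in chronological order.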
@@ -15,6 +15,24 @@
-- Kumar Appaiah <akumar at debian.org> Sat, 29 Mar 2014 15:40:00 -0400
+commons-httpclient (3.1-11) unstable; urgency=high
+
+ * Team upload.
+ * Add CVE-2014-3577.patch. (Closes: #758086)
+ It was found that the fix for CVE-2012-6153 was incomplete: the code added
+ to check that the server hostname matches the domain name in a subject's
+ Common Name (CN) field in X.509 certificates was flawed. A
+ man-in-the-middle attacker could use this flaw to spoof an SSL server using
+ a specially crafted X.509 certificate. The fix for CVE-2012-6153 was
+ intended to address the incomplete patch for CVE-2012-5783. The issue is
+ now completely resolved by applying this patch and the
+ 06_fix_CVE-2012-5783.patch.
+ * Change java.source and java.target ant properties to 1.5, otherwise
+ commons-httpclient will not compile with this patch.
+
+ -- Markus Koschany <apo at gambaru.de> Mon, 23 Mar 2015 22:57:54 +0100
+
+
commons-httpclient (3.1-10.2) unstable; urgency=low
* Non-maintainer upload.
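Review bot: the last bullet of the 3.1-11 entry calls the properties java.source and java.target, but the keys changed in debian/ant.properties are ant.build.javac.source and ant.build.javac.target. Use the real key names so the entry can be matched against the file. The two blank "+" lines after the trailer can also be reduced to one.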
Modified: trunk/commons-httpclient/debian/patches/series
===================================================================
--- trunk/commons-httpclient/debian/patches/series 2015-03-31 13:47:44 UTC (rev 18664)
+++ trunk/commons-httpclient/debian/patches/series 2015-04-16 09:52:24 UTC (rev 18665)
@@ -5,3 +5,4 @@
04_fix_classpath.patch
05_osgi_metadata
06_fix_CVE-2012-5783.patch
+CVE-2014-3577.patch
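Review bot: the new series entry CVE-2014-3577.patch drops the numeric prefix that the entries above it use (04_, 05_, 06_). A name such as 07_fix_CVE-2014-3577.patch would match that convention and make the apply order obvious. Placing it after 06_fix_CVE-2012-5783.patch is consistent with the changelog, which says the two patches together resolve the issue. The Modified list for this revision shows only series under patches/, so confirm the patch file itself is already committed in trunk.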