[pkg-java] r18665 - in trunk/commons-httpclient/debian: . patches

Markus Koschany apo-guest at moszumanska.debian.org
Thu Apr 16 09:52:24 UTC 2015 

Author: apo-guest
Date: 2015-04-16 09:52:24 +0000 (Thu, 16 Apr 2015)
New Revision: 18665

Modified:
   trunk/commons-httpclient/debian/ant.properties
   trunk/commons-httpclient/debian/changelog
   trunk/commons-httpclient/debian/patches/series
Log:
Merge release 3.1-11 into trunk


Modified: trunk/commons-httpclient/debian/ant.properties
===================================================================
--- trunk/commons-httpclient/debian/ant.properties	2015-03-31 13:47:44 UTC (rev 18664)
+++ trunk/commons-httpclient/debian/ant.properties	2015-04-16 09:52:24 UTC (rev 18665)
@@ -1,5 +1,5 @@
 # JSSE stub classes required for build
 lib.dir=/usr/share/java
 #jsse.jar=/usr/share/java/jsse.jar
-ant.build.javac.source=1.4
-ant.build.javac.target=1.4
+ant.build.javac.source=1.5
+ant.build.javac.target=1.5

Modified: trunk/commons-httpclient/debian/changelog
===================================================================
--- trunk/commons-httpclient/debian/changelog	2015-03-31 13:47:44 UTC (rev 18664)
+++ trunk/commons-httpclient/debian/changelog	2015-04-16 09:52:24 UTC (rev 18665)
@@ -1,4 +1,4 @@
-commons-httpclient (3.1-11) UNRELEASED; urgency=medium
+commons-httpclient (3.1-12) UNRELEASED; urgency=medium
 
   [ Kumar Appaiah ]
   * debian/control:
@@ -15,6 +15,24 @@
 
  -- Kumar Appaiah <akumar at debian.org>  Sat, 29 Mar 2014 15:40:00 -0400
 
+commons-httpclient (3.1-11) unstable; urgency=high
+
+  * Team upload.
+  * Add CVE-2014-3577.patch. (Closes: #758086)
+    It was found that the fix for CVE-2012-6153 was incomplete: the code added
+    to check that the server hostname matches the domain name in a subject's
+    Common Name (CN) field in X.509 certificates was flawed. A
+    man-in-the-middle attacker could use this flaw to spoof an SSL server using
+    a specially crafted X.509 certificate. The fix for CVE-2012-6153 was
+    intended to address the incomplete patch for CVE-2012-5783. The issue is
+    now completely resolved by applying this patch and the
+    06_fix_CVE-2012-5783.patch.
+  * Change java.source and java.target ant properties to 1.5, otherwise
+    commons-httpclient will not compile with this patch.
+
+ -- Markus Koschany <apo at gambaru.de>  Mon, 23 Mar 2015 22:57:54 +0100
+
+
 commons-httpclient (3.1-10.2) unstable; urgency=low
 
   * Non-maintainer upload.

Modified: trunk/commons-httpclient/debian/patches/series
===================================================================
--- trunk/commons-httpclient/debian/patches/series	2015-03-31 13:47:44 UTC (rev 18664)
+++ trunk/commons-httpclient/debian/patches/series	2015-04-16 09:52:24 UTC (rev 18665)
@@ -5,3 +5,4 @@
 04_fix_classpath.patch
 05_osgi_metadata
 06_fix_CVE-2012-5783.patch
+CVE-2014-3577.patch

More information about the pkg-java-commits mailing list