Bug#692650: Patches for CVE-2012-5783 and CVE-2012-5784
Michael Gilbert
mgilbert at debian.org
Thu Nov 22 09:00:12 UTC 2012
> I've backported the routine to validate certificate name, and I've made
> a patch (attached).
>
> I'm not sure it's a good idea apply the patch, it can break programs
> that connect with "bad" hostnames (ips, host in /etc/hostname, etc)
Would you mind getting your patches for these issues reviewed and
applied by the appropriate upstreams?
Thanks,
Mike
More information about the pkg-java-maintainers
mailing list