Bug#692650: Patches for CVE-2012-5783 and CVE-2012-5784
Alberto Fernández
infjaf at gmail.com
Thu Nov 22 17:37:26 UTC 2012
Hi Mike,
I don't understand what you expect from me.
I've uploaded the patches to the BTS, I don't know what next steep is.
I suppose a maintainer would pick it from there.
If there's something I can do let me know.
Thanks,
Alberto
El jue, 22-11-2012 a las 04:00 -0500, Michael Gilbert escribió:
> > I've backported the routine to validate certificate name, and I've made
> > a patch (attached).
> >
> > I'm not sure it's a good idea apply the patch, it can break programs
> > that connect with "bad" hostnames (ips, host in /etc/hostname, etc)
>
> Would you mind getting your patches for these issues reviewed and
> applied by the appropriate upstreams?
>
> Thanks,
> Mike
More information about the pkg-java-maintainers
mailing list