[commons-httpclient] 56/66: Merge release 3.1-11 into trunk

Emmanuel Bourg ebourg-guest at moszumanska.debian.org
Tue Jul 4 08:04:06 UTC 2017


This is an automated email from the git hooks/post-receive script.

ebourg-guest pushed a commit to branch master
in repository commons-httpclient.

commit b4ccaa41b21b6d8b046eb65a8ece64754e042005
Author: Markus Koschany <apo at debian.org>
Date:   Thu Apr 16 09:52:24 2015 +0000

    Merge release 3.1-11 into trunk
---
 debian/ant.properties |  4 ++--
 debian/changelog      | 20 +++++++++++++++++++-
 debian/patches/series |  1 +
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/debian/ant.properties b/debian/ant.properties
index 83436ca..02c8209 100644
--- a/debian/ant.properties
+++ b/debian/ant.properties
@@ -1,5 +1,5 @@
 # JSSE stub classes required for build
 lib.dir=/usr/share/java
 #jsse.jar=/usr/share/java/jsse.jar
-ant.build.javac.source=1.4
-ant.build.javac.target=1.4
+ant.build.javac.source=1.5
+ant.build.javac.target=1.5
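Review bot: The change of ant.build.javac.source and ant.build.javac.target from 1.4 to 1.5 has no explanation in debian/ant.properties itself. The reason is recorded only in the changelog: the package will not compile with CVE-2014-3577.patch otherwise. A one-line comment above the two properties saying so would keep a later cleanup from lowering the level again and breaking the build of the security fix.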
diff --git a/debian/changelog b/debian/changelog
index 457855c..463230f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-commons-httpclient (3.1-11) UNRELEASED; urgency=medium
+commons-httpclient (3.1-12) UNRELEASED; urgency=medium
 
   [ Kumar Appaiah ]
   * debian/control:
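Review bot: Retitling the top stanza to 3.1-12 leaves its trailer unchanged. That trailer, visible as context in the next hunk, is dated Sat, 29 Mar 2014, while the 3.1-11 stanza now placed below it is dated Mon, 23 Mar 2015. The newest entry therefore carries an older date than the release beneath it. Refresh the trailer of the 3.1-12 stanza when it is finalised for upload.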
@@ -15,6 +15,24 @@ commons-httpclient (3.1-11) UNRELEASED; urgency=medium
 
  -- Kumar Appaiah <akumar at debian.org>  Sat, 29 Mar 2014 15:40:00 -0400
 
+commons-httpclient (3.1-11) unstable; urgency=high
+
+  * Team upload.
+  * Add CVE-2014-3577.patch. (Closes: #758086)
+    It was found that the fix for CVE-2012-6153 was incomplete: the code added
+    to check that the server hostname matches the domain name in a subject's
+    Common Name (CN) field in X.509 certificates was flawed. A
+    man-in-the-middle attacker could use this flaw to spoof an SSL server using
+    a specially crafted X.509 certificate. The fix for CVE-2012-6153 was
+    intended to address the incomplete patch for CVE-2012-5783. The issue is
+    now completely resolved by applying this patch and the
+    06_fix_CVE-2012-5783.patch.
+  * Change java.source and java.target ant properties to 1.5, otherwise
+    commons-httpclient will not compile with this patch.
+
+ -- Markus Koschany <apo at gambaru.de>  Mon, 23 Mar 2015 22:57:54 +0100
+
+
 commons-httpclient (3.1-10.2) unstable; urgency=low
 
   * Non-maintainer upload.
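Review bot: The 3.1-11 entry says the CVE-2012-6153 fix was incomplete and that the issue is "now completely resolved by applying this patch and the 06_fix_CVE-2012-5783.patch", but it never says which patch carries the CVE-2012-6153 change. Debian's security tracking works from changelog text, so state explicitly where CVE-2012-6153 is addressed, for example by naming the patch that contains it. Minor: the stanza ends with two blank lines before the 3.1-10.2 entry where one is the convention.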
diff --git a/debian/patches/series b/debian/patches/series
index ca273f1..959af1a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@
 04_fix_classpath.patch
 05_osgi_metadata
 06_fix_CVE-2012-5783.patch
+CVE-2014-3577.patch
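Review bot: The series file now lists CVE-2014-3577.patch, but the diffstat for this commit shows only three files changed (debian/ant.properties, debian/changelog, debian/patches/series), so debian/patches/CVE-2014-3577.patch is not added here. Confirm that the patch file is already present in the tree from the merged release. If it is missing, applying the series will fail, or the package will ship without the hostname-verification fix the changelog announces. As a style point, the existing entries use a numeric prefix (04_, 05_, 06_); a name such as 07_fix_CVE-2014-3577.patch would keep the ordering convention.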

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/commons-httpclient.git


