[Secure-testing-commits] r28955 - in data: . CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Mon Sep 22 13:40:52 UTC 2014
Author: hertzog
Date: 2014-09-22 13:40:52 +0000 (Mon, 22 Sep 2014)
New Revision: 28955
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Update infos for CVE-2012-6153/commons-httpclient
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-09-22 13:00:19 UTC (rev 28954)
+++ data/CVE/list 2014-09-22 13:40:52 UTC (rev 28955)
@@ -36707,9 +36707,11 @@
CVE-2012-6154
RESERVED
CVE-2012-6153 (http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient ...)
- - commons-httpclient 3.1-10.2 (bug #758086)
- NOTE: See https://bugs.debian.org/692442#56 and ff.
- NOTE: https://svn.apache.org/viewvc?view=revision&revision=1411705
+ - commons-httpclient <unfixed> (bug #758086)
+ NOTE: Debian still uses the patch for CVE-2012-5783 while RedHat did
+ NOTE: release new packages with a supplementary patch:
+ NOTE: https://git.centos.org/blob/rpms!jakarta-commons-httpclient/5acb7f7b3e637c3a6d072e3f037a3c4abb6c48af/SOURCES!jakarta-commons-httpclient-CVE-2014-3577.patch
+ NOTE: References to upstream patches for 4.x can be found in https://issues.apache.org/jira/browse/HTTPCLIENT-1549
CVE-2012-6152 (The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does ...)
- pidgin 2.10.8-1
[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
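Review bot: the switch from 3.1-10.2 to <unfixed> in the CVE-2012-6153 entry also deletes both earlier NOTE lines (the pointer to https://bugs.debian.org/692442#56 and the upstream revision 1411705), so the entry loses the history of what was already applied and discussed. I would keep those two references next to the new ones and add one NOTE saying what the CVE-2012-5783 patch leaves unaddressed, since the new text only says that RedHat shipped a supplementary patch. The linked CentOS patch is named for CVE-2014-3577, a different identifier from the entry it sits under; a short NOTE stating how the two relate would keep the link from looking misfiled.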
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2014-09-22 13:00:19 UTC (rev 28954)
+++ data/dla-needed.txt 2014-09-22 13:40:52 UTC (rev 28955)
@@ -15,6 +15,8 @@
--
commons-beanutils
--
+commons-httpclient
+--
curl (Thorsten Alteholz)
--
evince
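Review bot: the added commons-httpclient entry in dla-needed.txt gives no hint of which issue it is queued for, so whoever picks it up has to trace it back to CVE-2012-6153 and bug #758086 on their own. If the file's format permits a note under the package name, mention the CVE and the bug number there.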