[Secure-testing-commits] r33374 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Apr 4 04:19:45 UTC 2015
Author: carnil
Date: 2015-04-04 04:19:44 +0000 (Sat, 04 Apr 2015)
New Revision: 33374
Modified:
data/CVE/list
Log:
Update status for commons-httpclient CVEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-04 03:59:04 UTC (rev 33373)
+++ data/CVE/list 2015-04-04 04:19:44 UTC (rev 33374)
@@ -23232,6 +23232,8 @@
- httpcomponents-client 4.3.5-1
[wheezy] - httpcomponents-client <no-dsa> (Minor issue)
[squeeze] - httpcomponents-client <no-dsa> (Minor issue)
+ - commons-httpclient <unfixed> (bug #758086)
+ NOTE: See https://bugs.debian.org/758086#59 for full details.
CVE-2014-3576
RESERVED
CVE-2014-3575 (The OLE preview generation in Apache OpenOffice before 4.1.1 and ...)
@@ -53323,10 +53325,7 @@
CVE-2012-6154
RESERVED
CVE-2012-6153 (http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient ...)
- - commons-httpclient <unfixed> (bug #758086)
- NOTE: Debian still uses the patch for CVE-2012-5783 while RedHat did
- NOTE: release new packages with a supplementary patch:
- NOTE: https://git.centos.org/blob/rpms!jakarta-commons-httpclient/5acb7f7b3e637c3a6d072e3f037a3c4abb6c48af/SOURCES!jakarta-commons-httpclient-CVE-2014-3577.patch
+ - commons-httpclient 3.1-10.2 (bug #692442)
NOTE: References to upstream patches for 4.x can be found in https://issues.apache.org/jira/browse/HTTPCLIENT-1549
CVE-2012-6152 (The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does ...)
- pidgin 2.10.8-1
More information about the Secure-testing-commits
mailing list