[Secure-testing-commits] r37510 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Nov 2 16:55:42 UTC 2015
Author: carnil
Date: 2015-11-02 16:55:42 +0000 (Mon, 02 Nov 2015)
New Revision: 37510
Modified:
data/CVE/list
Log:
Add fixed version for CVE-2015-5262/commons-httpclient, #798650
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-02 16:12:10 UTC (rev 37509)
+++ data/CVE/list 2015-11-02 16:55:42 UTC (rev 37510)
@@ -7039,7 +7039,7 @@
- httpcomponents-client 4.3.6-1 (low)
[squeeze] - httpcomponents-client <not-affected> (Regression introduced in 4.3.0)
[wheezy] - httpcomponents-client <not-affected> (Regression introduced in 4.3.0)
- - commons-httpclient <unfixed> (bug #798650)
+ - commons-httpclient 3.1-12 (bug #798650)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1261538
NOTE: https://issues.apache.org/jira/browse/HTTPCLIENT-1478 says it's really fixed in 4.3.6 and that 4.2.x did not have this bug.
NOTE: Proposed patch for commons-httpclient: https://bugzilla.redhat.com/show_bug.cgi?id=1259892
More information about the Secure-testing-commits
mailing list