[Secure-testing-commits] r38660 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Jan 3 09:02:58 UTC 2016
Author: carnil
Date: 2016-01-03 09:02:58 +0000 (Sun, 03 Jan 2016)
New Revision: 38660
Modified:
data/CVE/list
Log:
Mark CVE-2015-5262/commons-httpclient as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-03 06:41:21 UTC (rev 38659)
+++ data/CVE/list 2016-01-03 09:02:58 UTC (rev 38660)
@@ -12230,6 +12230,8 @@
[squeeze] - httpcomponents-client <not-affected> (Regression introduced in 4.3.0)
[wheezy] - httpcomponents-client <not-affected> (Regression introduced in 4.3.0)
- commons-httpclient 3.1-12 (bug #798650)
+ [jessie] - commons-httpclient <no-dsa> (Will be fixed in a point release)
+ [wheezy] - commons-httpclient <no-dsa> (Will be fixed in a point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1261538
NOTE: https://issues.apache.org/jira/browse/HTTPCLIENT-1478 says it's really fixed in 4.3.6 and that 4.2.x did not have this bug.
NOTE: Proposed patch for commons-httpclient: https://bugzilla.redhat.com/show_bug.cgi?id=1259892
More information about the Secure-testing-commits
mailing list