Bug#758086: CVE-2012-6153: Apache HttpComponents client: Hostname verification susceptible to MITM attack
Salvatore Bonaccorso
carnil at debian.org
Mon Aug 18 20:26:40 UTC 2014
Hi Emanuel,
On Thu, Aug 14, 2014 at 11:43:32PM +0200, Emmanuel Bourg wrote:
> Hi Henri,
>
> Thank you for the report.
>
> Is there an example available somewhere of a subject improperly parsed
> by commons-httpclient/3.1-10.2? This would help backporting the fix to
> this version.
I think this is already fixed in 3.1-10.2, see the Red Hat bug as
reference and See https://bugs.debian.org/692442#56 and and following
mails.
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list