axis_1.4-16.2+deb7u1_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

Debian FTP Masters ftpmaster at ftp-master.debian.org
Fri Oct 3 13:17:06 UTC 2014



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 02 Oct 2014 22:13:16 +0200
Source: axis
Binary: libaxis-java libaxis-java-doc
Architecture: source all
Version: 1.4-16.2+deb7u1
Distribution: stable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at gambaru.de>
Description: 
 libaxis-java - SOAP implementation in Java
 libaxis-java-doc - SOAP implementation in Java (documentation)
Changes: 
 axis (1.4-16.2+deb7u1) stable; urgency=high
 .
   * Team upload.
   * Fix CVE-2014-3596.
     - Replace 06-fix-CVE-2012-5784.patch with CVE-2014-3596.patch which fixes
       both CVE issues. Thanks to Raphael Hertzog for the report.
     - The getCN function in Apache Axis 1.4 and earlier does not properly
       verify that the server hostname matches a domain name in the subject's
       Common Name (CN) or subjectAltName field of the X.509 certificate,
       which allows man-in-the-middle attackers to spoof SSL servers via a
       certificate with a subject that specifies a common name in a field
       that is not the CN field. NOTE: this issue exists because of an
       incomplete fix for CVE-2012-5784.
Checksums-Sha1: 
 98b27161f8cbaeb9b06472eb7d9d5c046112ca34 2270 axis_1.4-16.2+deb7u1.dsc
 d8151a6efda52eed409db865bd3602f1ed247b2b 5295544 axis_1.4.orig.tar.gz
 a209f058e95ab2aa65b25ee8135f6fe1dbf9ef2d 12734 axis_1.4-16.2+deb7u1.debian.tar.gz
 b61f866a4af1555f316031856252c6cac72bb70b 1495834 libaxis-java_1.4-16.2+deb7u1_all.deb
 963b8b81f4295df9956a5e3d081e824b3836e2c9 2032638 libaxis-java-doc_1.4-16.2+deb7u1_all.deb
Checksums-Sha256: 
 158ebe1741aab48fd3634c91fe76b75c765181f64c988ca67f84a783f43895d4 2270 axis_1.4-16.2+deb7u1.dsc
 9c6fd085bf83c76162c186ef755b05bb3cca68ab5ff66d47dcf69efda072ab74 5295544 axis_1.4.orig.tar.gz
 62c1f297ad7c31a6f288944d5ba651d2e998538908d0b83bfd853d9f9e322359 12734 axis_1.4-16.2+deb7u1.debian.tar.gz
 41060fb74fedb872f882c3751f5f175d1ed0d5c9312762fed29b99d157d570d0 1495834 libaxis-java_1.4-16.2+deb7u1_all.deb
 38915e26b915f55a13b20a585813d0e492100a6839233b2e45b5fab7329615ef 2032638 libaxis-java-doc_1.4-16.2+deb7u1_all.deb
Files: 
 b6f2d2d7d6fe45d8a1b1ffd908e4068f 2270 java optional axis_1.4-16.2+deb7u1.dsc
 6fd3b673a4de3609394f492748b1f3f1 5295544 java optional axis_1.4.orig.tar.gz
 1e19d9e421ffc982d188ee5ca2e6ccb0 12734 java optional axis_1.4-16.2+deb7u1.debian.tar.gz
 e5b55ce5c82a6d9c42980fec3abf152c 1495834 java optional libaxis-java_1.4-16.2+deb7u1_all.deb
 65fd601ff383fdf96b7ec4d45c02b433 2032638 doc optional libaxis-java-doc_1.4-16.2+deb7u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJULgHYAAoJEGIODQuJV82lubYP/06T9xLom0mtwolbbvKbZuik
L7SkT2mYa2bJ0vDqiXsiPI8uzFN/5BUH10FSEsrbvMikhhR6rCOWt9D5ad0cY4Rr
TlsMf8rVXx4q658qf7jNCAuMD/Jriz4Rje7YgAkYDJfARuoqbhgeMMRGBocUz+k4
WCXslmHPgOauUTHYyZpwJepePn0HJHwtBdCvICI/0aBRygVVqW1wN8eXZDg6JPhg
0Es9P2Bu2852UPyZDLvP/3/d87uxEjlJEnVzkcOYkCbeRLgJ4ihDhaLYHIoDRpu5
2vRmc5OQc2MtRi0CHU4tqR0msqhsVe4wbJ0fAqy6nfLzXWp7hryYCCYtCBT2dJGQ
XvUtRaRMtJrTko5CK1xjnCnG+TsBQ516HIjDG+VG5MDvg5pI4hyD2CfGtqQG054/
G6qq+TFphT/nRMIwj+kl732HvBW+oRcf73NygeifYZbkINLhhdH/og+cV6NotmBw
7/qvGqB9tTi5vRkoeYGI2DDGimNfQbCr8AZ9Veo7go1Q/r+DGhKG2AGnIPH7ttMq
05HE3o5Mw3AEUr1gP5JXx8VSIdW230kFGwLiSjYIKSfrcVb9mKfyDM56dUNSEOaU
R0Pw+UXieueAAIgOBsEcLQnzjTO5lWATUcCHje+3+JnXKKsY0tflayC+WY+xCHpF
rSIFeK09crthAPXH5lmR
=FX+k
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.



More information about the pkg-java-maintainers mailing list