axis_1.4-16.2+deb7u1_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Oct 3 13:17:06 UTC 2014
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 02 Oct 2014 22:13:16 +0200
Source: axis
Binary: libaxis-java libaxis-java-doc
Architecture: source all
Version: 1.4-16.2+deb7u1
Distribution: stable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at gambaru.de>
Description:
libaxis-java - SOAP implementation in Java
libaxis-java-doc - SOAP implementation in Java (documentation)
Changes:
axis (1.4-16.2+deb7u1) stable; urgency=high
.
* Team upload.
* Fix CVE-2014-3596.
- Replace 06-fix-CVE-2012-5784.patch with CVE-2014-3596.patch which fixes
both CVE issues. Thanks to Raphael Hertzog for the report.
- The getCN function in Apache Axis 1.4 and earlier does not properly
verify that the server hostname matches a domain name in the subject's
Common Name (CN) or subjectAltName field of the X.509 certificate,
which allows man-in-the-middle attackers to spoof SSL servers via a
certificate with a subject that specifies a common name in a field
that is not the CN field. NOTE: this issue exists because of an
incomplete fix for CVE-2012-5784.
Checksums-Sha1:
98b27161f8cbaeb9b06472eb7d9d5c046112ca34 2270 axis_1.4-16.2+deb7u1.dsc
d8151a6efda52eed409db865bd3602f1ed247b2b 5295544 axis_1.4.orig.tar.gz
a209f058e95ab2aa65b25ee8135f6fe1dbf9ef2d 12734 axis_1.4-16.2+deb7u1.debian.tar.gz
b61f866a4af1555f316031856252c6cac72bb70b 1495834 libaxis-java_1.4-16.2+deb7u1_all.deb
963b8b81f4295df9956a5e3d081e824b3836e2c9 2032638 libaxis-java-doc_1.4-16.2+deb7u1_all.deb
Checksums-Sha256:
158ebe1741aab48fd3634c91fe76b75c765181f64c988ca67f84a783f43895d4 2270 axis_1.4-16.2+deb7u1.dsc
9c6fd085bf83c76162c186ef755b05bb3cca68ab5ff66d47dcf69efda072ab74 5295544 axis_1.4.orig.tar.gz
62c1f297ad7c31a6f288944d5ba651d2e998538908d0b83bfd853d9f9e322359 12734 axis_1.4-16.2+deb7u1.debian.tar.gz
41060fb74fedb872f882c3751f5f175d1ed0d5c9312762fed29b99d157d570d0 1495834 libaxis-java_1.4-16.2+deb7u1_all.deb
38915e26b915f55a13b20a585813d0e492100a6839233b2e45b5fab7329615ef 2032638 libaxis-java-doc_1.4-16.2+deb7u1_all.deb
Files:
b6f2d2d7d6fe45d8a1b1ffd908e4068f 2270 java optional axis_1.4-16.2+deb7u1.dsc
6fd3b673a4de3609394f492748b1f3f1 5295544 java optional axis_1.4.orig.tar.gz
1e19d9e421ffc982d188ee5ca2e6ccb0 12734 java optional axis_1.4-16.2+deb7u1.debian.tar.gz
e5b55ce5c82a6d9c42980fec3abf152c 1495834 java optional libaxis-java_1.4-16.2+deb7u1_all.deb
65fd601ff383fdf96b7ec4d45c02b433 2032638 doc optional libaxis-java-doc_1.4-16.2+deb7u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJULgHYAAoJEGIODQuJV82lubYP/06T9xLom0mtwolbbvKbZuik
L7SkT2mYa2bJ0vDqiXsiPI8uzFN/5BUH10FSEsrbvMikhhR6rCOWt9D5ad0cY4Rr
TlsMf8rVXx4q658qf7jNCAuMD/Jriz4Rje7YgAkYDJfARuoqbhgeMMRGBocUz+k4
WCXslmHPgOauUTHYyZpwJepePn0HJHwtBdCvICI/0aBRygVVqW1wN8eXZDg6JPhg
0Es9P2Bu2852UPyZDLvP/3/d87uxEjlJEnVzkcOYkCbeRLgJ4ihDhaLYHIoDRpu5
2vRmc5OQc2MtRi0CHU4tqR0msqhsVe4wbJ0fAqy6nfLzXWp7hryYCCYtCBT2dJGQ
XvUtRaRMtJrTko5CK1xjnCnG+TsBQ516HIjDG+VG5MDvg5pI4hyD2CfGtqQG054/
G6qq+TFphT/nRMIwj+kl732HvBW+oRcf73NygeifYZbkINLhhdH/og+cV6NotmBw
7/qvGqB9tTi5vRkoeYGI2DDGimNfQbCr8AZ9Veo7go1Q/r+DGhKG2AGnIPH7ttMq
05HE3o5Mw3AEUr1gP5JXx8VSIdW230kFGwLiSjYIKSfrcVb9mKfyDM56dUNSEOaU
R0Pw+UXieueAAIgOBsEcLQnzjTO5lWATUcCHje+3+JnXKKsY0tflayC+WY+xCHpF
rSIFeK09crthAPXH5lmR
=FX+k
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-java-maintainers
mailing list