Bug#758086: CVE-2014-3577: Apache HttpComponents hostname verification bypass
Sébastien Delafond
seb at debian.org
Wed Apr 15 19:42:47 UTC 2015
On Apr/15, Markus Koschany wrote:
> I have prepared a patch for CVE-2014-3577 (commons-httpclient). [1] The
> patch is identical to the Jessie / Sid fix. Do you consider this
> vulnerability important enough for a DSA or do you prefer a point
> release update?
Hi Markus,
this issue was marked "no-dsa" some time ago (see
https://security-tracker.debian.org/tracker/CVE-2014-3577), so a
point-release update will be the way to go.
Cheers,
--Seb
More information about the pkg-java-maintainers
mailing list