Bug#793770: Cookie parsing bug may lead to 'HttpOnly' cookie bypass (CVE-2015-2156)

Emmanuel Bourg ebourg at apache.org
Mon Jan 9 23:09:09 UTC 2017

Previous message: Processed: Re: Cookie parsing bug may lead to 'HttpOnly' cookie bypass (CVE-2015-2156)
Next message: reproducible.debian.net status changes for tika
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Le 9/01/2017 à 23:37, Moritz Muehlenhoff a écrit :

> This is unfixed with a patch for nearly 1.5 years, can we please get this
> fixed for the stretch release.

Hi Moritz,

Thank you for the reminder. The fix was backported in the version 3.9.7.
I'll update the package to the latest 3.9.x version.

Emmanuel Bourg

Previous message: Processed: Re: Cookie parsing bug may lead to 'HttpOnly' cookie bypass (CVE-2015-2156)
Next message: reproducible.debian.net status changes for tika
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the pkg-java-maintainers mailing list