Package: httpcomponents-client / 4.1.1-2+deb7u1
Metadata
Package | Version | Patches format |
---|---|---|
httpcomponents-client | 4.1.1-2+deb7u1 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
00 fix_build.patch (download) | pom.xml: 2 (2 + 0 - 0 !) | disable build of httpclient-osgi |
01 generate_osgi_metadata.patch (download) | httpclient/pom.xml: 67 (60 + 7 - 0 !) | generate-osgi-metadata |
CVE 2012 6153.patch (download) | httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java: 14 (8 + 6 - 0 !) | cve-2012-6153: It was found that the fix for CVE-2012-5783 was incomplete. The code added to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle (MITM) attack, where the attacker can spoof a valid certificate using a specially crafted subject. Fix for 4.2.x branch, upstream revision 1411705 https://svn.apache.org/viewvc?view=revision&revision=1411705 More information: https://bugzilla.redhat.com/show_bug.cgi?id=1129916 |
CVE 2014 3577.patch (download) | httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java: 85 (43 + 42 - 0 !) | cve-2014-3577: It was found that the fix for CVE-2012-6153 was incomplete. The code added to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can spoof a valid certificate using a specially crafted subject. This patch was taken from |