Branches for Precise

Name Status Last Modified Last Commit
lp:ubuntu/precise/commons-httpclient 2 Mature 2011-10-13 19:07:37 UTC 2011-10-13
10. [ Damien Raude-Morvan ] * Remove Arna...

Author: Torsten Werner
Revision Date: 2011-08-30 11:47:01 UTC

[ Damien Raude-Morvan ]
* Remove Arnaud Vandyck from Uploaders
* d/control: Drop Depends on any JRE as a Java library don't need to
  depends on a runtime (Java Policy)

[ Torsten Werner ]
* Switch to source format 3.0.
* Update Standards-Version: 3.9.1.
* Remove Barry from Uploaders list.

lp:ubuntu/precise-security/commons-httpclient 2 Mature 2015-10-14 15:26:55 UTC 2015-10-14
11. * SECURITY UPDATE: improper certifica...

Author: Marc Deslauriers
Revision Date: 2015-10-01 09:05:17 UTC

* SECURITY UPDATE: improper certificate hostname verification
  - debian/patches/06_fix_CVE-2012-5783.patch: fix CN extraction and
    wildcard verification in
    src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java.
  - debian/patches/CVE-2014-3577.patch: fix Common Name logic in
    src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java.
  - CVE-2012-5783
  - CVE-2012-6153
  - CVE-2014-3577
* SECURITY UPDATE: denial of service via failure to set socket timeout
  - debian/patches/CVE-2015-5262.patch: respect configured timeout in
    src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java.
  - CVE-2015-5262
* debian/ant.properties: bump version to 1.5 to handle security fixes.

lp:ubuntu/precise-updates/commons-httpclient 2 Mature 2015-10-14 15:35:39 UTC 2015-10-14
11. * SECURITY UPDATE: improper certifica...

Author: Marc Deslauriers
Revision Date: 2015-10-01 09:05:17 UTC

* SECURITY UPDATE: improper certificate hostname verification
  - debian/patches/06_fix_CVE-2012-5783.patch: fix CN extraction and
    wildcard verification in
    src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java.
  - debian/patches/CVE-2014-3577.patch: fix Common Name logic in
    src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java.
  - CVE-2012-5783
  - CVE-2012-6153
  - CVE-2014-3577
* SECURITY UPDATE: denial of service via failure to set socket timeout
  - debian/patches/CVE-2015-5262.patch: respect configured timeout in
    src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java.
  - CVE-2015-5262
* debian/ant.properties: bump version to 1.5 to handle security fixes.

13 of 3 results