[ubuntu/trusty-security] httpcomponents-client 4.3.3-1ubuntu0.1 (Accepted)
Eduardo dos Santos Barretto
eduardo.barretto at canonical.com
Tue Aug 14 12:44:43 UTC 2018
httpcomponents-client (4.3.3-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: It was found that the fix for CVE-2012-5783
and CVE-2012-6153 was incomplete. The code added to check that
the server hostname matches the domain name in the subject's CN
field was flawed. This can be exploited by a Man-in-the-middle
(MITM) attack where the attacker can spoof a valid certificate
using a specially crafted subject.
- debian/patches/CVE-2014-3577.patch: fix in AbstractVerifier.java
- CVE-2014-3577
Date: 2018-08-13 20:52:11.981641+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/httpcomponents-client/4.3.3-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list