[ubuntu/trusty-updates] httpcomponents-client 4.3.3-1ubuntu0.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Aug 14 13:28:05 UTC 2018
httpcomponents-client (4.3.3-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: It was found that the fix for CVE-2012-5783
and CVE-2012-6153 was incomplete. The code added to check that
the server hostname matches the domain name in the subject's CN
field was flawed. This can be exploited by a Man-in-the-middle
(MITM) attack where the attacker can spoof a valid certificate
using a specially crafted subject.
- debian/patches/CVE-2014-3577.patch: fix in AbstractVerifier.java
- CVE-2014-3577
Date: 2018-08-13 20:52:11.981641+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/httpcomponents-client/4.3.3-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list