On Sat, Apr 18, 2015 at 06:07:13PM +0200, Markus Koschany wrote:
> Hi,
>
> I was recently involved in fixing #758086, CVE-2014-3577, in
> commons-httpclient. Since httpcomponents-client is the successor of
> commons-httpclient, I saw that this package is also affected by
> CVE-2014-3577. I have prepared a debdiff for wheezy with all the
> necessary changes which is attached to this e-mail. Although I could
> have omitted the CVE-2012-6153.patch, I found it useful enough to apply
> it anyway, mostly because I didn't have to rebase the Fedora patch which
> dealt with the same issue. It is also obvious now that CVE-2012-6153 has
> been fixed for wheezy. Upstream commits and corresponding bug reports
> for RedHat are documented in the patch headers. I intend to file a
> wheezy-pu bug report because this vulnerability is marked as "no-dsa" by
> the security team. I would be glad if someone sponsored this package for me.
>

Hi Markus,

I can sponsor it. What's the release.debian.org bug number for this?

Cheers,

--
Miguel Landaeta, nomadium at debian.org
secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key.
"Faith means not wanting to know what is true." -- Nietzsche