Re: CVE-2014-3596 insecure certificate validation

To: team@security.debian.org
Cc: "debian-java@lists.debian.org" <debian-java@lists.debian.org>
Subject: Re: CVE-2014-3596 insecure certificate validation
From: Markus Koschany <apo@gambaru.de>
Date: Thu, 02 Oct 2014 22:51:02 +0200
Message-id: <[🔎] 542DBAB6.5010000@gambaru.de>
In-reply-to: <[🔎] 20141002112630.GA28974@inutil.org>
References: <RT-Ticket-5375@debian.org> <[🔎] 542C36DD.6090804@gambaru.de> <rt-4.0.7-11125-1412183785-512.5375-4-0@debian.org> <20141002063917.GA11604@lorien.valinor.li> <[🔎] 542D2A24.3020201@gambaru.de> <[🔎] 20141002112630.GA28974@inutil.org>

On 02.10.2014 13:26, Moritz Muehlenhoff wrote:
[...]
> Thanks for getting in touch with us! Please fix this through a point update.

Hi,

I have just filed https://bugs.debian.org/763815 and now I am waiting
for a response from the release team.

Cheers,

Markus

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- Debian RT: CVE-2014-3596 insecure certificate validation
  - From: Markus Koschany <apo@gambaru.de>
- Re: CVE-2014-3596 insecure certificate validation
  - From: Markus Koschany <apo@gambaru.de>
- Re: CVE-2014-3596 insecure certificate validation
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: CVE-2014-3596 insecure certificate validation
Next by Date: RFS: eclipse-cdt 8.5.0-1 (new upstream)
Previous by thread: Re: CVE-2014-3596 insecure certificate validation
Next by thread: Bug#763704: ITP: sisu-inject -- Dependency Injection container for Java
Index(es):
- Date
- Thread