Re: squeeze update of commons-httpclient

To: debian-lts@lists.debian.org
Subject: Re: squeeze update of commons-httpclient
From: "Thijs Kinkhorst" <thijs@debian.org>
Date: Thu, 16 Apr 2015 09:00:17 +0200
Message-id: <[🔎] d0bc5dc9ef80dc9a0ec52ee605e74214.squirrel@aphrodite.kinkhorst.nl>
In-reply-to: <[🔎] 552ED3AF.5010602@gambaru.de>
References: <[🔎] 552ED3AF.5010602@gambaru.de>

On Wed, April 15, 2015 23:10, Markus Koschany wrote:
> Hi,
>
> I have prepared a debdiff for commons-httpclient that addresses three
> CVEs namely CVE-2012-5783, CVE-2012-6153 and CVE-2014-3577. The
> differences between the versions in wheezy, jessie and sid are minor
> since we use the same upstream version 3.1 for all of them.
>
> 06_fix_CVE-2012-5783.patch is identical to the version in wheezy and
> fixes both CVE-2012-5783 and CVE-2012-6153. CVE-2014-3577 was created
> because of an incomplete fix for CVE-2012-6153. Further details are
> available at https://bugs.debian.org/758086#59
>
> I would be glad if someone uploaded this package to squeeze.

I can take care of this, but did you also prepare a package for wheezy? If
so, I missed it.


Cheers,
Thijs

Reply to:

Follow-Ups:
- Re: squeeze update of commons-httpclient
  - From: Markus Koschany <apo@gambaru.de>

References:
- squeeze update of commons-httpclient
  - From: Markus Koschany <apo@gambaru.de>

Prev by Date: squeeze update of commons-httpclient
Next by Date: Re: squeeze update of commons-httpclient
Previous by thread: squeeze update of commons-httpclient
Next by thread: Re: squeeze update of commons-httpclient
Index(es):
- Date
- Thread