Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
04_fix_classpath.patch | | | no | | | |
01_build_xml_version_jar.patch | | | no | | | |
02_upstream_disable_examples_classes.patch | | | no | | | |
03_upstream_qualify_ConnectionPool_declaration.patch | | | no | | | |
00_build_xml_no_external_links.patch | | | no | | | |
06_fix_CVE-2012-5783.patch | Fixed CN extraction from DN of X500 principal and wildcard validation commons-httpclient (3.1-10.2) unstable; urgency=low * Fixed CN extraction from DN of X500 principal and wildcard validation | Alberto Fernández Martínez <infjaf@gmail.com> | yes | debian | other | 2012-12-06 |
CVE-2014-3577.patch | CVE-2014-3577 It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The fix for CVE-2012-6153 was intended to address the incomplete patch for CVE-2012-5783. This means the issue is now completely resolved by applying this patch and the 06_fix_CVE-2012-5783.patch. References: upstream announcement: https://mail-archives.apache.org/mod_mbox/www-announce/201408.mbox/CVE-2014-3577 Fedora-Fix: http://pkgs.fedoraproject.org/cgit/jakarta-commons-httpclient.git/tree/jakarta-commons-httpclient-CVE-2014-3577.patch CentOS-Fix: https://git.centos.org/blob/rpms!jakarta-commons-httpclient/SOURCES!jakarta-commons-httpclient-CVE-2014-3577.patch | Markus Koschany <apo@gambaru.de> | not-needed | | | 2015-03-23 |
CVE-2015-5262.patch | CVE-2015-5262 Fix CVE-2015-5262 jakarta-commons-httpclient: https calls ignore http.socket.timeout during SSL Handshake See also https://bugzilla.redhat.com/show_bug.cgi?id=1259892 Thanks to Mikolaj Izdebski for the patch. | Markus Koschany <apo@debian.org> | no | upstream | | 2015-11-02 |
07_java17-compatibility.patch | Fixes the compatibility with Java 17 | Emmanuel Bourg <ebourg@apache.org> | not-needed | | | |