Publishing details

Published on 2018-08-14
Copied from ubuntu trusty in PPA for Ubuntu Security Proposed by Eduardo Barretto

Changelog

httpcomponents-client (4.3.3-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: It was found that the fix for CVE-2012-5783
    and CVE-2012-6153 was incomplete. The code added to check that
    the server hostname matches the domain name in the subject's CN
    field was flawed. This can be exploited by a Man-in-the-middle
    (MITM) attack where the attacker can spoof a valid certificate
    using a specially crafted subject.
    - debian/patches/CVE-2014-3577.patch: fix in AbstractVerifier.java
    - CVE-2014-3577

 -- Eduardo Barretto <email address hidden>  Fri, 10 Aug 2018 17:06:26 -0300

Available diffs

diff from 4.3.3-1 (in Debian) to 4.3.3-1ubuntu0.1 (3.3 KiB)

Builds

i386

Built packages

libhttpclient-java HTTP/1.1 compliant HTTP agent implementation

libhttpmime-java HTTP/1.1 compliant HTTP agent implementation - MIME extension

Package files

httpcomponents-client_4.3.3-1ubuntu0.1.debian.tar.gz (7.7 KiB)
httpcomponents-client_4.3.3-1ubuntu0.1.dsc (2.6 KiB)
httpcomponents-client_4.3.3.orig.tar.gz (724.7 KiB)
libhttpclient-java_4.3.3-1ubuntu0.1_all.deb (515.8 KiB)
libhttpmime-java_4.3.3-1ubuntu0.1_all.deb (50.7 KiB)