Hi, On Mon, 18 Aug 2014, Salvatore Bonaccorso wrote: > On Thu, Aug 14, 2014 at 11:43:32PM +0200, Emmanuel Bourg wrote: > > Is there an example available somewhere of a subject improperly parsed > > by commons-httpclient/3.1-10.2? This would help backporting the fix to > > this version. > > I think this is already fixed in 3.1-10.2, see the Red Hat bug as > reference and See https://bugs.debian.org/692442#56 and and following > mails.
I don't understand this from those mails. On the contrary, RedHat did update their packages with a new patch on top of the former patch: https://git.centos.org/blob/rpms!jakarta-commons-httpclient/5acb7f7b3e637c3a6d072e3f037a3c4abb6c48af/SOURCES!jakarta-commons-httpclient-CVE-2014-3577.patch And the Debian package still have the old version of getCN(). Cheers, -- Raphaël Hertzog ◈ Debian Developer Discover the Debian Administrator's Handbook: → http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
