From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 16 Update: jakarta-commons-httpclient-3.1-12.fc16
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Friday 1st February 2013 16:49:49 UTC (over 3 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-1289
2013-01-23 00:36:29
--------------------------------------------------------------------------------

Name        : jakarta-commons-httpclient
Product     : Fedora 16
Version     : 3.1
Release     : 12.fc16
URL         : http://jakarta.apache.org/commons/httpclient/
Summary     : Jakarta Commons HTTPClient implements the client side of HTTP standards
Description :
The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant
protocol used on the Internet today. Web services, network-enabled
appliances and the growth of network computing continue to expand the
role of the HTTP protocol beyond user-driven web browsers, and increase
the number of applications that may require HTTP support.
Although the java.net package provides basic support for accessing
resources via HTTP, it doesn't provide the full flexibility or
functionality needed by many applications. The Jakarta Commons HTTP
Client component seeks to fill this void by providing an efficient,
up-to-date, and feature-rich package implementing the client side of the
most recent HTTP standards and recommendations.
Designed for extension while providing robust support for the base HTTP
protocol, the HTTP Client component may be of interest to anyone
building HTTP-aware client applications such as web browsers, web
service clients, or systems that leverage or extend the HTTP protocol
for distributed communication.

--------------------------------------------------------------------------------
Update Information:

This update fixes a security vulnerability that caused
jakarta-commons-httpclient not to verify that the server hostname matches a
domain name in the subject's Common Name (CN) or subjectAltName field of
the X.509 certificate, which allowed man-in-the-middle attackers to spoof
SSL servers via an arbitrary valid certificate (CVE-2012-5783).
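
The kind of check described above, as an added example; it is not the Fedora patch or the project's own code. The class and method names (HostnameCheck, verify, namesFrom, matchesAny, matches) are hypothetical, and the code assumes DNS hostnames rather than IP literals.

```java
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;

public class HostnameCheck {
    /** Call after the TLS handshake and before sending any request data. */
    static void verify(SSLSocket socket, String host) throws Exception {
        X509Certificate leaf = (X509Certificate) socket.getSession().getPeerCertificates()[0];
        if (!matchesAny(host, namesFrom(leaf)))
            throw new SSLPeerUnverifiedException("certificate not issued for " + host);
    }

    /** dNSName entries of subjectAltName; the subject CN only when there are none. */
    static List<String> namesFrom(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        if (cert.getSubjectAlternativeNames() != null)
            for (List<?> san : cert.getSubjectAlternativeNames())
                if ((Integer) san.get(0) == 2) names.add((String) san.get(1)); // 2 = dNSName
        if (names.isEmpty())
            for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns())
                if (rdn.getType().equalsIgnoreCase("CN")) names.add(rdn.getValue().toString());
        return names;
    }

    static boolean matchesAny(String host, List<String> names) {
        for (String n : names)
            if (matches(host.toLowerCase(Locale.ROOT), n.toLowerCase(Locale.ROOT))) return true;
        return false;
    }

    /** Exact match, or a "*." wildcard standing for exactly one leftmost label. */
    static boolean matches(String host, String pattern) {
        if (!pattern.startsWith("*.")) return host.equals(pattern);
        int dot = host.indexOf('.');
        return dot > 0 && host.substring(dot).equals(pattern.substring(1))
            && pattern.indexOf('.', 2) > 0; // refuse patterns such as "*.com"
    }

    public static void main(String[] args) {
        List<String> names = List.of("*.example.org", "example.org"); // constructed sample names
        System.out.println(matchesAny("www.example.org", names));
        System.out.println(matchesAny("a.b.example.org", names));
        System.out.println(matchesAny("other.test", names));
    }
}
```

On Java 7 and later, JSSE can perform this check during the handshake when the client sets SSLParameters.setEndpointIdentificationAlgorithm("HTTPS").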
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 21 2013 Mikolaj Izdebski  - 1:3.1-12
- Add missing connection hostname check against X.509 certificate name
- Resolves: CVE-2012-5783
* Thu Nov  1 2012 Mikolaj Izdebski  - 1:3.1-11
- Add maven POM
* Thu Sep 20 2012 Mikolaj Izdebski  - 1:3.1-10
- Fix license tag
* Thu Sep 20 2012 Mikolaj Izdebski  - 1:3.1-9
- Install LICENSE and NOTICE files
- Add missing R: java, jpackage-utils
* Thu Jul 19 2012 Fedora Release Engineering - 1:3.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sun Jan 22 2012 Andy Grimm  - 1:3.1-7
- Fix character encoding
* Fri Jan 13 2012 Fedora Release Engineering - 1:3.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #873317 - CVE-2012-5783 jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name
        https://bugzilla.redhat.com/show_bug.cgi?id=873317
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update jakarta-commons-httpclient' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 