axis 1.4-21 source package in Ubuntu

Changelog

axis (1.4-21) unstable; urgency=high


  * Team upload.
  * Fix CVE-2014-3596.
    - Replace 06-fix-CVE-2012-5784.patch with CVE-2014-3596.patch which fixes
      both CVE issues. Thanks to Raphael Hertzog for the report.
    - The getCN function in Apache Axis 1.4 and earlier does not properly
      verify that the server hostname matches a domain name in the subject's
      Common Name (CN) or subjectAltName field of the X.509 certificate,
      which allows man-in-the-middle attackers to spoof SSL servers via a
      certificate with a subject that specifies a common name in a field
      that is not the CN field.  NOTE: this issue exists because of an
      incomplete fix for CVE-2012-5784.
    - (Closes: #762444)
  * Declare compliance with Debian Policy 3.9.6.
  * Use compat level 9 and require debhelper >=9.
  * Use canonical VCS fields.

 -- Markus Koschany <email address hidden>  Thu, 25 Sep 2014 19:45:08 +0000

Upload details

Uploaded by:
Debian Java Maintainers
Uploaded to:
Sid
Original maintainer:
Debian Java Maintainers
Architectures:
all
Section:
libs
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Utopic: [FULLYBUILT] i386

Downloads

File Size SHA-256 Checksum
axis_1.4-21.dsc 2.2 KiB e97a76ebbb1b890b42c722db0343096d5d752081b264c8ec72998da38d39bbf5
axis_1.4.orig.tar.gz 5.1 MiB 9c6fd085bf83c76162c186ef755b05bb3cca68ab5ff66d47dcf69efda072ab74
axis_1.4-21.debian.tar.xz 11.2 KiB 4f4f2750da840c330cbbe1fca32955c16fc8220d501d5db09601df7089c85677

No changes file available.

Binary packages built by this source

libaxis-java: No summary available for libaxis-java in ubuntu vivid.

No description available for libaxis-java in ubuntu vivid.

libaxis-java-doc: No summary available for libaxis-java-doc in ubuntu utopic.

No description available for libaxis-java-doc in ubuntu utopic.