axis 1.4-21 source package in Ubuntu
Changelog
axis (1.4-21) unstable; urgency=high * Team upload. * Fix CVE-2014-3596. - Replace 06-fix-CVE-2012-5784.patch with CVE-2014-3596.patch which fixes both CVE issues. Thanks to Raphael Hertzog for the report. - The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784. - (Closes: #762444) * Declare compliance with Debian Policy 3.9.6. * Use compat level 9 and require debhelper >=9. * Use canonical VCS fields. -- Markus Koschany <email address hidden> Thu, 25 Sep 2014 19:45:08 +0000
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- libs
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
axis_1.4-21.dsc | 2.2 KiB | e97a76ebbb1b890b42c722db0343096d5d752081b264c8ec72998da38d39bbf5 |
axis_1.4.orig.tar.gz | 5.1 MiB | 9c6fd085bf83c76162c186ef755b05bb3cca68ab5ff66d47dcf69efda072ab74 |
axis_1.4-21.debian.tar.xz | 11.2 KiB | 4f4f2750da840c330cbbe1fca32955c16fc8220d501d5db09601df7089c85677 |
Available diffs
No changes file available.
Binary packages built by this source
- libaxis-java: No summary available for libaxis-java in ubuntu vivid.
No description available for libaxis-java in ubuntu vivid.
- libaxis-java-doc: No summary available for libaxis-java-doc in ubuntu utopic.
No description available for libaxis-java-doc in ubuntu utopic.