[Bug 1130942] New: CVE-2014-3577 httpcomponents-client: Apache HttpComponents client: Hostname verification susceptible to MITM attack [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1130942
Bug ID: 1130942
Summary: CVE-2014-3577 httpcomponents-client: Apache
HttpComponents client: Hostname verification
susceptible to MITM attack [fedora-all]
Product: Fedora
Version: 20
Component: httpcomponents-client
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: mizdebsk(a)redhat.com
Reporter: aneelica(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, krzysztof.daniel(a)gmail.com,
mizdebsk(a)redhat.com, msimacek(a)redhat.com,
msrb(a)redhat.com
Blocks: 1129074 (CVE-2014-3577)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1129074
[Bug 1129074] CVE-2014-3577 Apache HttpComponents client: Hostname
verification susceptible to MITM attack
[objectweb-asm3] Commented out BR on objectweb-asm3 to enable building on EPEL7.
by Darryl L. Pierce
commit 41a858a649acb55afb76cb091e48a9c165e06612
Author: Darryl L. Pierce <mcpierce(a)gmail.com>
Date: Fri Aug 29 14:23:38 2014 -0400
Commented out BR on objectweb-asm3 to enable building on EPEL7.
objectweb-asm3.spec | 49 ++++++++++++++++++++++++++-----------------------
1 files changed, 26 insertions(+), 23 deletions(-)
---
diff --git a/objectweb-asm3.spec b/objectweb-asm3.spec
index 0419350..2b8c25f 100644
--- a/objectweb-asm3.spec
+++ b/objectweb-asm3.spec
@@ -1,6 +1,6 @@
Name: objectweb-asm3
Version: 3.3.1
-Release: 10%{?dist}
+Release: 10%{?dist}.1
Summary: Java bytecode manipulation and analysis framework
License: BSD
URL: http://asm.ow2.org/
@@ -12,7 +12,7 @@ Source1: http://www.apache.org/licenses/LICENSE-2.0.txt
BuildRequires: ant
BuildRequires: maven-local
# shade-jar utility used in this spec file needs this
-BuildRequires: objectweb-asm3
+# BuildRequires: objectweb-asm3
%description
ASM is an all purpose Java bytecode manipulation and analysis
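Review bot: The comment "# shade-jar utility used in this spec file needs this" is left in place directly above the now-disabled `# BuildRequires: objectweb-asm3`, so the spec still states that shade-jar is needed while nothing declares it. Replace the two lines with one comment saying why the package's build dependency on itself is switched off for EPEL7, or guard the BuildRequires with a conditional, so the next maintainer can tell whether the removal is meant to be permanent.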
@@ -53,32 +53,32 @@ for m in asm asm-analysis asm-commons asm-tree asm-util asm-xml asm-all; do
done
# Fix inter-module dependecies in POMs for shaded artifacts
-pushd output/dist/lib
-for m in asm-analysis asm-commons asm-util; do
- %pom_remove_dep :asm-tree ${m}-distroshaded-%{version}.pom
- %pom_add_dep asm:asm-tree-distroshaded:3.3.1 ${m}-distroshaded-%{version}.pom
-done
-%pom_remove_dep :asm-util asm-xml-distroshaded-%{version}.pom
-%pom_add_dep asm:asm-util-distroshaded:3.3.1 asm-xml-distroshaded-%{version}.pom
-
-%pom_remove_dep :asm asm-tree-distroshaded-%{version}.pom
-%pom_add_dep asm:asm-distroshaded:3.3.1 asm-tree-distroshaded-%{version}.pom
-popd
-
-for m in asm asm-analysis asm-commons asm-tree asm-util asm-xml asm-all; do
- shade-jar org.objectweb.asm org.objectweb.distroshaded.asm output/dist/lib/${m}-%{version}.jar \
- output/dist/lib/${m}-distroshaded-%{version}.jar
- jar xf output/dist/lib/${m}-distroshaded-%{version}.jar META-INF/MANIFEST.MF
- sed -i /Bundle-/d META-INF/MANIFEST.MF
- jar ufM output/dist/lib/${m}-distroshaded-%{version}.jar META-INF/MANIFEST.MF
-done
+#pushd output/dist/lib
+#for m in asm-analysis asm-commons asm-util; do
+# %pom_remove_dep :asm-tree ${m}-distroshaded-%{version}.pom
+# %pom_add_dep asm:asm-tree-distroshaded:3.3.1 ${m}-distroshaded-%{version}.pom
+#done
+#%pom_remove_dep :asm-util asm-xml-distroshaded-%{version}.pom
+#%pom_add_dep asm:asm-util-distroshaded:3.3.1 asm-xml-distroshaded-%{version}.pom
+#
+#%pom_remove_dep :asm asm-tree-distroshaded-%{version}.pom
+#%pom_add_dep asm:asm-distroshaded:3.3.1 asm-tree-distroshaded-%{version}.pom
+#popd
+#
+#for m in asm asm-analysis asm-commons asm-tree asm-util asm-xml asm-all; do
+# shade-jar org.objectweb.asm org.objectweb.distroshaded.asm output/dist/lib/${m}-%{version}.jar \
+# output/dist/lib/${m}-distroshaded-%{version}.jar
+# jar xf output/dist/lib/${m}-distroshaded-%{version}.jar META-INF/MANIFEST.MF
+# sed -i /Bundle-/d META-INF/MANIFEST.MF
+# jar ufM output/dist/lib/${m}-distroshaded-%{version}.jar META-INF/MANIFEST.MF
+#done
%install
%mvn_artifact output/dist/lib/asm-parent-%{version}.pom
for m in asm asm-analysis asm-commons asm-tree asm-util asm-xml asm-all; do
- %mvn_artifact output/dist/lib/${m}-distroshaded-%{version}.pom \
- output/dist/lib/${m}-distroshaded-%{version}.jar
+# %mvn_artifact output/dist/lib/${m}-distroshaded-%{version}.pom \
+# output/dist/lib/${m}-distroshaded-%{version}.jar
%mvn_artifact output/dist/lib/${m}-%{version}.pom \
output/dist/lib/${m}-%{version}.jar
done
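Review bot: The lines disabled with `#` in the shading block and in the %install loop still contain `%pom_remove_dep`, `%pom_add_dep` and `%mvn_artifact`, and rpm expands macros inside comment lines, so they are still evaluated when the spec is parsed. Escape them with a doubled percent sign (`%%pom_remove_dep` and so on), or wrap the whole shading block and the distroshaded `%mvn_artifact` call in `%if 0` ... `%endif` (or a bootstrap conditional) instead of commenting them out. The comment "# Fix inter-module dependecies in POMs for shaded artifacts" now heads a block that does nothing and should move inside the same conditional.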
@@ -95,6 +95,9 @@ done
%doc LICENSE.txt
%changelog
+* Fri Aug 29 2014 Darryl L. Pierce <dpierce(a)redhat.com> - 3.3.1-10.1
+- Commented out BR on objectweb-asm3 to enable building on EPEL7.
+
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.3.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
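Review bot: The new changelog entry mentions only the commented-out BuildRequires, but the same commit also stops running shade-jar and stops installing every `*-distroshaded` POM and jar. Add a changelog line that says so, because anything resolving `asm:asm-distroshaded:3.3.1` or its sibling artifacts against 3.3.1-10.1 will not find them, and the entry as written gives no hint of that.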