August 2014 - java-sig-commits - Fedora Mailing-Lists

[Bug 1130942] New: CVE-2014-3577 httpcomponents-client: Apache HttpComponents client: Hostname verification susceptible to MITM attack [fedora-all]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1130942 Bug ID: 1130942 Summary: CVE-2014-3577 httpcomponents-client: Apache HttpComponents client: Hostname verification susceptible to MITM attack [fedora-all] Product: Fedora Version: 20 Component: httpcomponents-client Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: mizdebsk(a)redhat.com Reporter: aneelica(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, jerboaa(a)gmail.com, krzysztof.daniel(a)gmail.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com Blocks: 1129074 (CVE-2014-3577) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1129074 [Bug 1129074] CVE-2014-3577 Apache HttpComponents client: Hostname verification susceptible to MITM attack -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=dRrCbjqZfF&a=cc_unsubscribe

9 years, 10 months

1
8
0 / 0

[Bug 1129074] CVE-2014-3577 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1129074 --- Comment #28 from Fedora Update System <updates(a)fedoraproject.org> --- httpcomponents-client-4.2.5-4.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=OesKBT4f9K&a=cc_unsubscribe

9 years, 10 months

1
0
0 / 0

[Bug 1129074] CVE-2014-3577 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1129074 Bug 1129074 depends on bug 1130942, which changed state. Bug 1130942 Summary: CVE-2014-3577 httpcomponents-client: Apache HttpComponents client: Hostname verification susceptible to MITM attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1130942 What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=8AsqO2773e&a=cc_unsubscribe

9 years, 10 months

1
0
0 / 0

[objectweb-asm3/epel7] Commented out BR on objectweb-asm3 to enable building on EPEL7.

by Darryl L. Pierce

Summary of changes: 41a858a... Commented out BR on objectweb-asm3 to enable building on EP (*) (*) This commit already existed in another branch; no separate mail sent

9 years, 10 months

1
0
0 / 0

[objectweb-asm3] Commented out BR on objectweb-asm3 to enable building on EPEL7.

by Darryl L. Pierce

commit 41a858a649acb55afb76cb091e48a9c165e06612 Author: Darryl L. Pierce <mcpierce(a)gmail.com> Date: Fri Aug 29 14:23:38 2014 -0400 Commented out BR on objectweb-asm3 to enable building on EPEL7. objectweb-asm3.spec | 49 ++++++++++++++++++++++++++----------------------- 1 files changed, 26 insertions(+), 23 deletions(-) --- diff --git a/objectweb-asm3.spec b/objectweb-asm3.spec index 0419350..2b8c25f 100644 --- a/objectweb-asm3.spec +++ b/objectweb-asm3.spec @@ -1,6 +1,6 @@ Name: objectweb-asm3 Version: 3.3.1 -Release: 10%{?dist} +Release: 10%{?dist}.1 Summary: Java bytecode manipulation and analysis framework License: BSD URL: http://asm.ow2.org/ @@ -12,7 +12,7 @@ Source1: http://www.apache.org/licenses/LICENSE-2.0.txt BuildRequires: ant BuildRequires: maven-local # shade-jar utility used in this spec file needs this -BuildRequires: objectweb-asm3 +# BuildRequires: objectweb-asm3 %description ASM is an all purpose Java bytecode manipulation and analysis @@ -53,32 +53,32 @@ for m in asm asm-analysis asm-commons asm-tree asm-util asm-xml asm-all; do done # Fix inter-module dependecies in POMs for shaded artifacts -pushd output/dist/lib -for m in asm-analysis asm-commons asm-util; do - %pom_remove_dep :asm-tree ${m}-distroshaded-%{version}.pom - %pom_add_dep asm:asm-tree-distroshaded:3.3.1 ${m}-distroshaded-%{version}.pom -done -%pom_remove_dep :asm-util asm-xml-distroshaded-%{version}.pom -%pom_add_dep asm:asm-util-distroshaded:3.3.1 asm-xml-distroshaded-%{version}.pom - -%pom_remove_dep :asm asm-tree-distroshaded-%{version}.pom -%pom_add_dep asm:asm-distroshaded:3.3.1 asm-tree-distroshaded-%{version}.pom -popd - -for m in asm asm-analysis asm-commons asm-tree asm-util asm-xml asm-all; do - shade-jar org.objectweb.asm org.objectweb.distroshaded.asm output/dist/lib/${m}-%{version}.jar \ - output/dist/lib/${m}-distroshaded-%{version}.jar - jar xf output/dist/lib/${m}-distroshaded-%{version}.jar META-INF/MANIFEST.MF - sed -i /Bundle-/d META-INF/MANIFEST.MF - jar ufM output/dist/lib/${m}-distroshaded-%{version}.jar META-INF/MANIFEST.MF -done +#pushd output/dist/lib +#for m in asm-analysis asm-commons asm-util; do +# %pom_remove_dep :asm-tree ${m}-distroshaded-%{version}.pom +# %pom_add_dep asm:asm-tree-distroshaded:3.3.1 ${m}-distroshaded-%{version}.pom +#done +#%pom_remove_dep :asm-util asm-xml-distroshaded-%{version}.pom +#%pom_add_dep asm:asm-util-distroshaded:3.3.1 asm-xml-distroshaded-%{version}.pom +# +#%pom_remove_dep :asm asm-tree-distroshaded-%{version}.pom +#%pom_add_dep asm:asm-distroshaded:3.3.1 asm-tree-distroshaded-%{version}.pom +#popd +# +#for m in asm asm-analysis asm-commons asm-tree asm-util asm-xml asm-all; do +# shade-jar org.objectweb.asm org.objectweb.distroshaded.asm output/dist/lib/${m}-%{version}.jar \ +# output/dist/lib/${m}-distroshaded-%{version}.jar +# jar xf output/dist/lib/${m}-distroshaded-%{version}.jar META-INF/MANIFEST.MF +# sed -i /Bundle-/d META-INF/MANIFEST.MF +# jar ufM output/dist/lib/${m}-distroshaded-%{version}.jar META-INF/MANIFEST.MF +#done %install %mvn_artifact output/dist/lib/asm-parent-%{version}.pom for m in asm asm-analysis asm-commons asm-tree asm-util asm-xml asm-all; do - %mvn_artifact output/dist/lib/${m}-distroshaded-%{version}.pom \ - output/dist/lib/${m}-distroshaded-%{version}.jar +# %mvn_artifact output/dist/lib/${m}-distroshaded-%{version}.pom \ +# output/dist/lib/${m}-distroshaded-%{version}.jar %mvn_artifact output/dist/lib/${m}-%{version}.pom \ output/dist/lib/${m}-%{version}.jar done @@ -95,6 +95,9 @@ done %doc LICENSE.txt %changelog +* Fri Aug 29 2014 Darryl L. Pierce <dpierce(a)redhat.com> - 3.3.1-10.1 +- Commented out BR on objectweb-asm3 to enable building on EPEL7. + * Sat Jun 07 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.3.1-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

9 years, 10 months

1
0
0 / 0

[PkgDB] limb:objectweb-asm3 commit set to Approved

by Fedora PackageDB

user: limb set for mcpierce acl: commit of package: objectweb-asm3 from: to: Approved on branch: epel7 To make changes to this package see: https://admin.fedoraproject.org/pkgdb/package/objectweb-asm3

9 years, 10 months

1
0
0 / 0

[PkgDB] limb:objectweb-asm3 approveacls set to Approved

by Fedora PackageDB

user: limb set for mcpierce acl: approveacls of package: objectweb-asm3 from: to: Approved on branch: epel7 To make changes to this package see: https://admin.fedoraproject.org/pkgdb/package/objectweb-asm3

9 years, 10 months

1
0
0 / 0

[PkgDB] limb:objectweb-asm3 watchbugzilla set to Approved

by Fedora PackageDB

user: limb set for mcpierce acl: watchbugzilla of package: objectweb-asm3 from: to: Approved on branch: epel7 To make changes to this package see: https://admin.fedoraproject.org/pkgdb/package/objectweb-asm3

9 years, 10 months

1
0
0 / 0

[PkgDB] limb:objectweb-asm3 watchcommits set to Approved

by Fedora PackageDB

user: limb set for mcpierce acl: watchcommits of package: objectweb-asm3 from: to: Approved on branch: epel7 To make changes to this package see: https://admin.fedoraproject.org/pkgdb/package/objectweb-asm3

9 years, 10 months

1
0
0 / 0

[PkgDB] limb:maven-doxia commit set to Approved

by Fedora PackageDB

user: limb set for mcpierce acl: commit of package: maven-doxia from: to: Approved on branch: epel7 To make changes to this package see: https://admin.fedoraproject.org/pkgdb/package/maven-doxia

9 years, 10 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits August 2014