axis 1.4-21 source package in Ubuntu
Changelog
axis (1.4-21) unstable; urgency=high
* Team upload.
* Fix CVE-2014-3596.
- Replace 06-fix-CVE-2012-5784.patch with CVE-2014-3596.patch which fixes
both CVE issues. Thanks to Raphael Hertzog for the report.
- The getCN function in Apache Axis 1.4 and earlier does not properly
verify that the server hostname matches a domain name in the subject's
Common Name (CN) or subjectAltName field of the X.509 certificate,
which allows man-in-the-middle attackers to spoof SSL servers via a
certificate with a subject that specifies a common name in a field
that is not the CN field. NOTE: this issue exists because of an
incomplete fix for CVE-2012-5784.
- (Closes: #762444)
* Declare compliance with Debian Policy 3.9.6.
* Use compat level 9 and require debhelper >=9.
* Use canonical VCS fields.
-- Markus Koschany <email address hidden> Thu, 25 Sep 2014 19:45:08 +0000
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- libs
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| axis_1.4-21.dsc | 2.2 KiB | e97a76ebbb1b890b42c722db0343096d5d752081b264c8ec72998da38d39bbf5 |
| axis_1.4.orig.tar.gz | 5.1 MiB | 9c6fd085bf83c76162c186ef755b05bb3cca68ab5ff66d47dcf69efda072ab74 |
| axis_1.4-21.debian.tar.xz | 11.2 KiB | 4f4f2750da840c330cbbe1fca32955c16fc8220d501d5db09601df7089c85677 |
Available diffs
No changes file available.
Binary packages built by this source
- libaxis-java: No summary available for libaxis-java in ubuntu vivid.
No description available for libaxis-java in ubuntu vivid.
- libaxis-java-doc: No summary available for libaxis-java-doc in ubuntu utopic.
No description available for libaxis-java-doc in ubuntu utopic.
