File apache-commons-httpclient.changes of Package apache-commons-httpclient.16971

-------------------------------------------------------------------
Tue Oct 27 10:39:27 UTC 2020 - Pedro Monreal <pmonreal@suse.com>

- Security fix [bsc#945190, CVE-2015-5262]
  * http/conn/ssl/SSLConnectionSocketFactory.java ignores the
    http.socket.timeout configuration setting during an SSL handshake,
    which allows remote attackers to cause a denial of service (HTTPS
    call hang) via unspecified vectors.
- Add apache-commons-httpclient-CVE-2015-5262.patch

-------------------------------------------------------------------
Tue Oct 27 10:38:45 UTC 2020 - Pedro Monreal <pmonreal@suse.com>

- Security fix [bsc#1178171, CVE-2014-3577]
  * org.apache.http.conn.ssl.AbstractVerifier does not properly
    verify that the server hostname matches a domain name in the
    subject's Common Name (CN) or subjectAltName field of the X.509
    certificate, which allows MITM attackers to spoof SSL servers
    via a "CN=" string in a field in the distinguished name (DN)
    of a certificate.
- Add apache-commons-httpclient-CVE-2014-3577.patch

-------------------------------------------------------------------
Fri Oct 25 08:30:33 UTC 2013 - mvyskocil@suse.com

- really apply CVE-2012-5783 patch
- build with java 6 and higher

-------------------------------------------------------------------
Thu Mar 28 10:54:13 UTC 2013 - mvyskocil@suse.com

- enhance fix of bnc#803332 / CVE-2012-5783
  * add a check for subjectAltNames for instance

-------------------------------------------------------------------
Thu Feb 14 09:10:48 UTC 2013 - mvyskocil@suse.com

- fix bnc#803332: no ssl certificate hostname checking (CVE-2012-5783)
  * commons-httpclient-CVE-2012-5783.patch
- add jakarta- compat symlinks

-------------------------------------------------------------------
Sun Feb  3 20:07:59 UTC 2013 - p.drouand@gmail.com

- Initial release
openSUSE Build Service is sponsored by