Mageia Bugzilla – Bug 8933
jakarta-commons-httpclient new security issue CVE-2012-5783
Last modified: 2014-05-08 18:05:11 CEST
Fedora has issued an advisory on January 23:
Mageia 2 is also affected.
I fixed this in Cauldron.
D Morgan, I'll need you to look at this for Mageia 2.
Red Hat has issued an advisory for this on February 19:
Fixed and on the BS.
Thanks D Morgan!
Updated jakarta-commons-httpclient package fixes security vulnerability:
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name (CVE-2012-5783).
Updated packages in core/updates_testing:
As with other java development updates, we don't have anyone who knows how
to test this properly, so all we can do is confirm that it installs cleanly.
Could someone from the sysadmin team push 8933.adv
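
The hostname check that the advisory text in this report describes as missing, written out as an added Java example (not code from this bug report or from the HttpClient project). It matches the requested host against the certificate's subjectAltName dNSName entries and falls back to the subject CN only when there are none. The class and method names and all host names are constructed for illustration, and it assumes plain DNS names (no IP addresses or internationalized names).

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

public class HostnameCheck {

    // True if pattern (an exact name or a "*.example.org" style wildcard) covers host.
    static boolean matches(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return p.equals(h);
        }
        // The wildcard stands for exactly one leftmost label, and the fixed part
        // must still contain a dot, so "*.org" is never accepted.
        String suffix = p.substring(1);
        int firstDot = h.indexOf('.');
        return firstDot > 0
                && suffix.indexOf('.', 1) > 0
                && h.substring(firstDot).equals(suffix);
    }

    // dnsNames: the certificate's subjectAltName dNSName entries (possibly empty).
    // commonName: the subject CN, consulted only when there are no dNSName entries.
    static boolean verify(String host, List<String> dnsNames, String commonName) {
        if (!dnsNames.isEmpty()) {
            return dnsNames.stream().anyMatch(n -> matches(n, host));
        }
        return commonName != null && matches(commonName, host);
    }

    public static void main(String[] args) {
        // Constructed sample data: names a CA-trusted certificate might carry.
        List<String> san = Arrays.asList("www.example.org", "*.cdn.example.org");
        List<String> none = Collections.emptyList();
        String[] hosts = {"www.example.org", "a.cdn.example.org",
                          "a.b.cdn.example.org", "login.example.net"};
        for (String host : hosts) {
            System.out.println(host + " accepted by SAN list: " + verify(host, san, null));
        }
        // Certificate valid for another name: the chain may be trusted, the host is not.
        System.out.println("CN www.example.org for login.example.net: "
                + verify("login.example.net", none, "www.example.org"));
        System.out.println("CN ignored when SAN present: "
                + !verify("old.example.org", san, "old.example.org"));
    }
}
```

A client that validates only the certificate chain and skips a check like `verify` accepts the `login.example.net` case, which is the condition the advisory describes.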