Fedora has issued an advisory on January 23:
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/097836.html

Mageia 2 is also affected.
Whiteboard: (none) => MGA2TOO
CC: (none) => dmorganec
URL: (none) => http://lwn.net/Vulnerabilities/535734/
I fixed this in Cauldron. D Morgan, I'll need you to look at this for Mageia 2.
Version: Cauldron => 2
Whiteboard: MGA2TOO => (none)
RedHat has issued an advisory for this on February 19: https://rhn.redhat.com/errata/RHSA-2013-0270.html
fixed and on the BS
Thanks D Morgan!

Advisory:
========================

Updated jakarta-commons-httpclient package fixes security vulnerability:

The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name (CVE-2012-5783).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783
https://rhn.redhat.com/errata/RHSA-2013-0270.html
========================

Updated packages in core/updates_testing:
========================
jakarta-commons-httpclient-3.1-3.1.mga2
jakarta-commons-httpclient-javadoc-3.1-3.1.mga2
jakarta-commons-httpclient-demo-3.1-3.1.mga2
jakarta-commons-httpclient-manual-3.1-3.1.mga2

from jakarta-commons-httpclient-3.1-3.1.mga2.src.rpm
Assignee: dmorganec => qa-bugs
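The check the advisory above describes as missing, shown as an added example that is not part of this bug report or of the jakarta-commons-httpclient patch: match the requested hostname against the certificate's subjectAltName DNS entries, falling back to the CN only when there are none. The class and method names are hypothetical, the certificate names are constructed, and only DNS names (not IP addresses) are handled.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

public class HostnameCheck {
    // True if the certificate names cover the host the client meant to reach.
    static boolean certificateMatches(String host, List<String> sanDnsNames, String commonName) {
        String h = host.toLowerCase(Locale.ROOT);
        // RFC 2818 / RFC 6125: when dNSName SAN entries exist, the CN is ignored.
        if (!sanDnsNames.isEmpty()) {
            for (String san : sanDnsNames) {
                if (nameMatches(h, san)) return true;
            }
            return false;
        }
        return commonName != null && nameMatches(h, commonName);
    }

    // Exact match, or a "*." wildcard standing for exactly one left-most label.
    static boolean nameMatches(String host, String pattern) {
        String p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) return p.equals(host);
        String suffix = p.substring(1);                 // e.g. ".cdn.example.org"
        if (suffix.indexOf('.', 1) < 0) return false;   // refuse patterns like "*.org"
        int firstDot = host.indexOf('.');
        return firstDot > 0 && host.substring(firstDot).equals(suffix);
    }

    public static void main(String[] args) {
        // Constructed names, not taken from any real certificate.
        List<String> san = Arrays.asList("www.example.org", "*.cdn.example.org");
        List<String> none = Collections.emptyList();
        String[] hosts = {"www.example.org", "a.cdn.example.org",
                          "a.b.cdn.example.org", "cdn.example.org", "mail.example.net"};
        for (String host : hosts) {
            System.out.println(host + " vs SAN list: " + certificateMatches(host, san, null));
        }
        // A certificate valid for some other domain must not be accepted for this host.
        System.out.println("CN fallback, other domain: "
                + certificateMatches("www.example.org", none, "www.example.net"));
        // With SAN entries present, a matching CN alone is not enough.
        System.out.println("CN ignored when SAN present: "
                + certificateMatches("mail.example.net", san, "mail.example.net"));
    }
}
```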
http://svnweb.mageia.org/advisories/8933.adv?view=markup&sortby=date Uploaded.
CC: (none) => davidwhodgins
As with other Java development updates, we don't have anyone who knows how to test this properly, so all we can do is confirm that it installs cleanly. Could someone from the sysadmin team push 8933.adv?
Keywords: (none) => validated_update
Whiteboard: (none) => MGA2-64-OK MGA2-32-OK
CC: (none) => sysadmin-bugs
http://advisories.mageia.org/MGASA-2013-0199.html
Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED
CC: boklm => (none)