Fedora has issued an advisory on January 23:
Mageia 2 is also affected.
I fixed this in Cauldron.
D Morgan, I'll need you to look at this for Mageia 2.
RedHat has issued an advisory for this on February 19:
fixed on svn
Thanks D Morgan!
Updated axis packages fix security vulnerability:
Apache Axis did not verify that the server hostname matched the domain name
in the subject's Common Name (CN) or subjectAltName field in X.509
certificates. This could allow a man-in-the-middle attacker to spoof an SSL
server if they had a certificate that was valid for any domain name
Updated packages in core/updates_testing:
As with other java development updates, we don't have anyone who knows how
to test this properly, so all we can do is confirm that it installs cleanly.
Could someone from the sysadmin team push 8936.adv