Fedora has issued an advisory on January 23:
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/097912.html

Mageia 2 is also affected.
Whiteboard: (none) => MGA2TOO
CC: (none) => dmorganec
URL: (none) => http://lwn.net/Vulnerabilities/535742/
I fixed this in Cauldron. D Morgan, I'll need you to look at this for Mageia 2.
Version: Cauldron => 2
Whiteboard: MGA2TOO => (none)
RedHat has issued an advisory for this on February 19: https://rhn.redhat.com/errata/RHSA-2013-0269.html
fixed on svn
Thanks D Morgan!

Advisory:
========================

Updated axis packages fix security vulnerability:

Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name (CVE-2012-5784).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5784
https://rhn.redhat.com/errata/RHSA-2013-0269.html
========================

Updated packages in core/updates_testing:
========================
axis-1.4-6.1.mga2
axis-javadoc-1.4-6.1.mga2
axis-manual-1.4-6.1.mga2

from axis-1.4-6.1.mga2.src.rpm
Assignee: dmorganec => qa-bugs
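The check the advisory describes as missing, sketched as an added example (not Axis code and not the packaged patch): once the chain validates, the requested hostname must still match a dNSName in subjectAltName, or the subject CN when no dNSName is present. The function names and all certificate names below are constructed for illustration, and the wildcard handling is a conservative simplification of RFC 6125 (DNS names only, no IP addresses, no public-suffix lookup).

```python
# Added illustration of server identity checking (RFC 2818 / RFC 6125 style).
# All names below are constructed sample data, not taken from real certificates.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name (possibly a wildcard) against a hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # Same number of labels is required: a wildcard covers exactly one label.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    first, rest = p_labels[0], p_labels[1:]
    # Wildcards are honoured only in the leftmost label.
    if any("*" in label for label in rest):
        return False
    if first == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p_labels) >= 3 and rest == h_labels[1:]
    if "*" in first:
        # Partial wildcards such as "w*.example.org" are rejected outright.
        return False
    return p_labels == h_labels


def hostname_matches_cert(hostname, san_dns, subject_cn):
    """Return True if the certificate's names cover the requested hostname.

    san_dns:    dNSName entries from subjectAltName (may be empty)
    subject_cn: subject Common Name, or None
    """
    # When any dNSName is present, the CN must be ignored.
    if san_dns:
        candidates = san_dns
    else:
        candidates = [subject_cn] if subject_cn else []
    return any(dns_name_matches(name, hostname) for name in candidates)


def demo():
    """Constructed case: a CA-valid certificate issued for a different domain."""
    requested = "bank.example"
    presented_san, presented_cn = [], "attacker.example"
    # Chain validation alone would accept this certificate; the name check must not.
    return hostname_matches_cert(requested, presented_san, presented_cn)


if __name__ == "__main__":
    print("accept connection:", demo())
```

A client that skips this step accepts the certificate in `demo()`, because it chains to a trusted CA even though it names a different host.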
http://svnweb.mageia.org/advisories/8936.adv?view=markup&sortby=date uploaded.
CC: (none) => davidwhodgins
As with other Java development updates, we don't have anyone who knows how to test this properly, so all we can do is confirm that it installs cleanly. Could someone from the sysadmin team push 8936.adv?
Keywords: (none) => validated_update
Whiteboard: (none) => MGA2-64-OK MGA2-32-OK
CC: (none) => sysadmin-bugs
http://advisories.mageia.org/MGASA-2013-0200.html
Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED
CC: boklm => (none)