Back to axis PTS page

Accepted axis 1.4-21 (source all) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted axis 1.4-21 (source all) into unstable
From: Markus Koschany <apo@gambaru.de>
Date: Wed, 01 Oct 2014 03:19:16 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1XZARg-0000jB-F7@franck.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 25 Sep 2014 19:45:08 +0000
Source: axis
Binary: libaxis-java libaxis-java-doc
Architecture: source all
Version: 1.4-21
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@gambaru.de>
Description:
 libaxis-java - SOAP implementation in Java
 libaxis-java-doc - SOAP implementation in Java (documentation)
Closes: 762444
Changes:
 axis (1.4-21) unstable; urgency=high
 .
   * Team upload.
   * Fix CVE-2014-3596.
     - Replace 06-fix-CVE-2012-5784.patch with CVE-2014-3596.patch which fixes
       both CVE issues. Thanks to Raphael Hertzog for the report.
     - The getCN function in Apache Axis 1.4 and earlier does not properly
       verify that the server hostname matches a domain name in the subject's
       Common Name (CN) or subjectAltName field of the X.509 certificate,
       which allows man-in-the-middle attackers to spoof SSL servers via a
       certificate with a subject that specifies a common name in a field
       that is not the CN field.  NOTE: this issue exists because of an
       incomplete fix for CVE-2012-5784.
     - (Closes: #762444)
   * Declare compliance with Debian Policy 3.9.6.
   * Use compat level 9 and require debhelper >=9.
   * Use canonical VCS fields.
Checksums-Sha1:
 95cc11b21cf6819bc68eb8617806a454f4d98cfa 2246 axis_1.4-21.dsc
 263e0ff0b63af097bf4c3f85e7843d35d8fbe33d 11476 axis_1.4-21.debian.tar.xz
 dbd687ccba324618a07bf98505658c14e9acca9b 1495266 libaxis-java_1.4-21_all.deb
 f1d5d295146affa2c2c8125e8606f4c74f948483 1064692 libaxis-java-doc_1.4-21_all.deb
Checksums-Sha256:
 e97a76ebbb1b890b42c722db0343096d5d752081b264c8ec72998da38d39bbf5 2246 axis_1.4-21.dsc
 4f4f2750da840c330cbbe1fca32955c16fc8220d501d5db09601df7089c85677 11476 axis_1.4-21.debian.tar.xz
 3230be2f258dfcb953f2456eab192cbe5b9caaae224abef817d9f9cca9d0743b 1495266 libaxis-java_1.4-21_all.deb
 3946539a0c3eab191cf743b8a667bcd98bc8cd070eb6cbfc04d04730cb5d7038 1064692 libaxis-java-doc_1.4-21_all.deb
Files:
 ea9e4da875b544aaf75b87b468291b1c 1495266 java optional libaxis-java_1.4-21_all.deb
 b7b91fd7d069cd949bc3be444356dc14 1064692 doc optional libaxis-java-doc_1.4-21_all.deb
 9a5ece1c68e6e59ca50f345e92ea07e3 2246 java optional axis_1.4-21.dsc
 9738cc1034ad3534d9c9cb556c4b467b 11476 java optional axis_1.4-21.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJUK2snAAoJEGIODQuJV82l72wP/A1mtcF7CE7kDza++HwT/JCz
/MzHKs8IEy7M77EVInF9xDWzEiVt+dbeUUOfNe/znm1Cu7hJt/MqWPepStCRmGp2
PYLyC8guZlxMGxoNXBXIgD6v2LTBhanMaQ3SmyDNzZeGgSUkjR2tt+SSseIqH5MY
+JHrjaFlxUXM8c3Sjxr4CQyQEA9adzjT5Vq4zUrIVOph1PkxLYcVRgq1ZfVQy0ed
8D2fiLXvOOC5Slun9aouVcZYBR8LH6nP8QDezKENl/4InQouB/UJ+9HhGAwCEoBr
OlaF5a2bNW5TevyS3Tr3H2PFhIvt67XfeVX+Ag431wtEb0kfoRWtzU33ywbiGxhL
jdvoguShbqew0h7Q/uduR9+lu8jpzKCyqDf7UmBqhlj9H0unADLAGJukXtVWgwgC
krtapqtquj8/mY17inrANa/xhk7pBjJE5Q5pJT/Z6PwvgoQwKkLbGkqbJrkNe3Tk
fbSI63ocIJRx2tabwFBKIbLQSOd91r7hqw7HEq8DVXtLcC4k40dL0tmUL778Yh9L
+2mYfyq/4jRLUsnbpK4aTBe43jV/hqh/KHoFSbqQkuHPgoddbn8IJyeaxfkKq9fQ
eWDKpAbWFy8KWGsa47YFRjyENJrH4A1yS1Rzx2uJBXS8xbPPyDKMQ0Tkxl+io9LS
UpopE/a7PFLG7f5sT7KU
=rhQE
-----END PGP SIGNATURE-----