Accepted axis 1.4-21 (source all) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 25 Sep 2014 19:45:08 +0000
Source: axis
Binary: libaxis-java libaxis-java-doc
Architecture: source all
Version: 1.4-21
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@gambaru.de>
Description:
libaxis-java - SOAP implementation in Java
libaxis-java-doc - SOAP implementation in Java (documentation)
Closes: 762444
Changes:
axis (1.4-21) unstable; urgency=high
.
* Team upload.
* Fix CVE-2014-3596.
- Replace 06-fix-CVE-2012-5784.patch with CVE-2014-3596.patch which fixes
both CVE issues. Thanks to Raphael Hertzog for the report.
- The getCN function in Apache Axis 1.4 and earlier does not properly
verify that the server hostname matches a domain name in the subject's
Common Name (CN) or subjectAltName field of the X.509 certificate,
which allows man-in-the-middle attackers to spoof SSL servers via a
certificate with a subject that specifies a common name in a field
that is not the CN field. NOTE: this issue exists because of an
incomplete fix for CVE-2012-5784.
- (Closes: #762444)
* Declare compliance with Debian Policy 3.9.6.
* Use compat level 9 and require debhelper >=9.
* Use canonical VCS fields.
Checksums-Sha1:
95cc11b21cf6819bc68eb8617806a454f4d98cfa 2246 axis_1.4-21.dsc
263e0ff0b63af097bf4c3f85e7843d35d8fbe33d 11476 axis_1.4-21.debian.tar.xz
dbd687ccba324618a07bf98505658c14e9acca9b 1495266 libaxis-java_1.4-21_all.deb
f1d5d295146affa2c2c8125e8606f4c74f948483 1064692 libaxis-java-doc_1.4-21_all.deb
Checksums-Sha256:
e97a76ebbb1b890b42c722db0343096d5d752081b264c8ec72998da38d39bbf5 2246 axis_1.4-21.dsc
4f4f2750da840c330cbbe1fca32955c16fc8220d501d5db09601df7089c85677 11476 axis_1.4-21.debian.tar.xz
3230be2f258dfcb953f2456eab192cbe5b9caaae224abef817d9f9cca9d0743b 1495266 libaxis-java_1.4-21_all.deb
3946539a0c3eab191cf743b8a667bcd98bc8cd070eb6cbfc04d04730cb5d7038 1064692 libaxis-java-doc_1.4-21_all.deb
Files:
ea9e4da875b544aaf75b87b468291b1c 1495266 java optional libaxis-java_1.4-21_all.deb
b7b91fd7d069cd949bc3be444356dc14 1064692 doc optional libaxis-java-doc_1.4-21_all.deb
9a5ece1c68e6e59ca50f345e92ea07e3 2246 java optional axis_1.4-21.dsc
9738cc1034ad3534d9c9cb556c4b467b 11476 java optional axis_1.4-21.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJUK2snAAoJEGIODQuJV82l72wP/A1mtcF7CE7kDza++HwT/JCz
/MzHKs8IEy7M77EVInF9xDWzEiVt+dbeUUOfNe/znm1Cu7hJt/MqWPepStCRmGp2
PYLyC8guZlxMGxoNXBXIgD6v2LTBhanMaQ3SmyDNzZeGgSUkjR2tt+SSseIqH5MY
+JHrjaFlxUXM8c3Sjxr4CQyQEA9adzjT5Vq4zUrIVOph1PkxLYcVRgq1ZfVQy0ed
8D2fiLXvOOC5Slun9aouVcZYBR8LH6nP8QDezKENl/4InQouB/UJ+9HhGAwCEoBr
OlaF5a2bNW5TevyS3Tr3H2PFhIvt67XfeVX+Ag431wtEb0kfoRWtzU33ywbiGxhL
jdvoguShbqew0h7Q/uduR9+lu8jpzKCyqDf7UmBqhlj9H0unADLAGJukXtVWgwgC
krtapqtquj8/mY17inrANa/xhk7pBjJE5Q5pJT/Z6PwvgoQwKkLbGkqbJrkNe3Tk
fbSI63ocIJRx2tabwFBKIbLQSOd91r7hqw7HEq8DVXtLcC4k40dL0tmUL778Yh9L
+2mYfyq/4jRLUsnbpK4aTBe43jV/hqh/KHoFSbqQkuHPgoddbn8IJyeaxfkKq9fQ
eWDKpAbWFy8KWGsa47YFRjyENJrH4A1yS1Rzx2uJBXS8xbPPyDKMQ0Tkxl+io9LS
UpopE/a7PFLG7f5sT7KU
=rhQE
-----END PGP SIGNATURE-----