[Secure-testing-team] Bug#692442: CVE-2012-5783: Insecure certificate validation
Moritz Muehlenhoff
jmm at inutil.org
Tue Nov 6 10:54:59 UTC 2012
Package: commons-httpclient
Severity: important
Tags: security

Please see Section 7.5 of this paper:
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

This has been assigned CVE-2012-5783. I'm not sure if we can backport more
correct certificate validation to 3.x, but independent of that it might
make sense to introduce the 4.x codebase to the archive?

Cheers,
Moritz