Debian Security Advisory
DLA-322-1 commons-httpclient -- LTS security update
- Date Reported:
- 01 Oct 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-5262.
- More information:
Trevin Beattie  discovered an issue where one could observe hanging threads in a multi-threaded Java application. After debugging the issue, it became evident that the hanging threads were caused by the SSL initialization code in commons-httpclient.
This upload fixes this issue by respecting the configured SO_TIMEOUT during SSL handshakes with the server.