
[SECURITY] [DLA 2405-1] httpcomponents-client security update




-------------------------------------------------------------------------
Debian LTS Advisory DLA-2405-1               debian-lts@lists.debian.org
https://www.debian.org/lts/security/                     Markus Koschany
October 10, 2020                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : httpcomponents-client
Version        : 4.5.2-2+deb9u1
CVE ID         : CVE-2020-13956

Oleg Kalnichevski discovered that httpcomponents-client, a Java library
for building HTTP-aware applications, can misinterpret a malformed
authority component in request URIs passed to the library as a
java.net.URI object and pick the wrong target host for request
execution.

For Debian 9 stretch, this problem has been fixed in version
4.5.2-2+deb9u1.

We recommend that you upgrade your httpcomponents-client packages.

For the detailed security status of httpcomponents-client please refer
to its security tracker page at:
https://security-tracker.debian.org/tracker/httpcomponents-client

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

