hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aki Yoshida <elak...@gmail.com>
Subject Re: Question on CVE-2015-526
Date Thu, 05 Nov 2015 21:02:56 GMT
Hi Oleg,
Thanks. That answered my question.
regards, aki

2015-11-05 16:13 GMT+01:00 Oleg Kalnichevski <olegk@apache.org>:
> On Thu, 2015-11-05 at 13:12 +0100, Aki Yoshida wrote:
>> Hi,
>> I have a question about CVE-2015-5262 [1] which talks about an issue
>> regarding Httpclient before version 4.3.6. The referred jira ticket
>> HTTPCLIENT-1478 [2] from there mentions that this issue has been fixed
>> in 4.3.4.
>>
>>
>> Could someone clarify the situation? Is there indeed an issue with
>> 4.3.4 and 4.3.5 which is for security reasons not publicly linked from
>> the above CVE or if there is an error in either of the documents?
>>
>
> No, there is not. HTTPCLIENT-1478 affected deprecated code only. It did
> not affect productive code to start with. CVE-2015-5262 should have
> never been raised in the first place but some people think being
> credited as a reporter of CVE entry is cool.
>
> Oleg
>
>> Regards, Aki
>> [1] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262
>> [2] https://issues.apache.org/jira/browse/HTTPCLIENT-1478
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message