httpcomponents-client (4.1.1-2+deb7u1) wheezy; urgency=high * Team upload. * Add CVE-2012-6153.patch and CVE-2014-3577.patch. It was found that the fix for CVE-2012-5783 and CVE-2012-6153 was incomplete. The code added to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can spoof a valid certificate using a specially crafted subject. -- Markus Koschany Sat, 18 Apr 2015 14:15:11 +0200 httpcomponents-client (4.1.1-2) unstable; urgency=low * Add OSGi metadata to JAR manifest. * Add Jakub Adam to Uploaders. * Bump Standards-Version to 3.9.3. No changes were required. * Updated copyright file format. * Add httpcore.jar and httpclient.jar to httpmime.jar Class-Path. -- Jakub Adam Tue, 27 Mar 2012 21:33:50 +0200 httpcomponents-client (4.1.1-1) unstable; urgency=high * New upstream release: Fixed critical bug causing Proxy-Authorization header to be sent to the target host when tunneling requests through a proxy server that requires authentication: CVE-2011-1498. (Closes: #628727). * New maintainer. (Closes: #628731). * Bump Standards-Version to 3.9.2. No changes were required. * Add Build-Depends on libmockito-java. * Update Vcs-* fields. -- Miguel Landaeta Wed, 29 Jun 2011 00:13:18 -0430 httpcomponents-client (4.0.3-2) unstable; urgency=low * Upload to unstable * Package orphaned * Tests disabled, they make the package FTBFS -- David Paleino Tue, 31 May 2011 21:56:38 +0200 httpcomponents-client (4.0.3-1) experimental; urgency=low * New upstream version -- David Paleino Wed, 22 Sep 2010 08:50:04 +0200 httpcomponents-client (4.0.2-1) experimental; urgency=low * New upstream version * debian/control: - Standards-Version bumped to 3.9.1, no changes needed -- David Paleino Thu, 16 Sep 2010 11:52:49 +0200 httpcomponents-client (4.0.1-1) unstable; urgency=low * Initial release (Closes: #575327) -- David Paleino Wed, 14 Jul 2010 17:57:40 +0200