Hi Moritz, Thank you for the report
Le 17/12/2014 15:43, Moritz Muehlenhoff a écrit : > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7397 : > https://github.com/AsyncHttpClient/async-http-client/issues/352 > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7398 : > https://github.com/AsyncHttpClient/async-http-client/issues/197 > https://github.com/wsargent/async-http-client/commit/db6716ad2f10f5c2d5124904725017b2ba8c3434 It seems the version 1.6.5 in wheezy/jessie/unstable is not affected by CVE-2013-7398. The class AllowAllHostnameVerifier doesn't exist, in this version the user of the API has to provide its own HostnameVerifier. I confirm the version 1.6.5 is affected by CVE-2013-7397. Emmanuel Bourg -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
