Package: httpcomponents-client Version: 4.0.1-1 Severity: serious Tags: security
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for httpcomponents-client. CVE-2011-1498 [HTTPCLIENT-1061] Fixed critical bug causing Proxy-Authorization header to be sent to the target host when tunneling requests through a proxy server that requires authentication. http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt http://seclists.org/oss-sec/2011/q2/188 If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Please contact the security team to get the issue addressed in stable aswell. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1498 http://security-tracker.debian.org/tracker/CVE-2011-1498 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
