Bug 1259892
Summary: | CVE-2015-5262 jakarta-commons-httpclient: https calls ignore http.socket.timeout during SSL Handshake | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Trevin Beattie <tbeattie> | ||||
Component: | jakarta-commons-httpclient | Assignee: | Java maintainers <java-maint> | ||||
Status: | CLOSED NEXTRELEASE | QA Contact: | BaseOS QE - Apps <qe-baseos-apps> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 6.6 | CC: | bnater, fweimer, jorton, mizdebsk | ||||
Target Milestone: | rc | Keywords: | Patch, Security, SecurityTracking | ||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Release Note | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2019-06-27 12:46:13 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1261538 | ||||||
Attachments: |
|
Description
Trevin Beattie
2015-09-03 18:01:51 UTC
Created attachment 1072467 [details]
Proposed patch
I’ve applied the patch locally and gave it a smoke test in our QA environment; we pushing it to production this afternoon. We should know in a few days whether it was effective. The patched library has been in production for a week now, and our application has not hanged at all during that time. We're very happy with the result. Thank you for the quick response. :) Red Hat Enterprise Linux 6 reached end of Maintenance Support 1 phase. Therefore this vulnerability, due to low severity, is not going to be fixed. I'm closing this bug as NEXTRELEASE as the problem is already fixed in Red Hat Enterprise Linux 8. |