Sorry for the error. You are correct, the Synopsis line should have read: Synopsis: Important: jakarta-commons-httpclient security update Thank you for the report. Pat On 09/09/2014 10:50 AM, Jake Edge wrote: > This advisory looks different than usual, and in fact looks wrong (the > subject is about jakarta-commons-httpclient but the synopsis mentions > thunderbird ... > > is this some new format for advisories? or is this just a mistake that > will be corrected soon? > > thanks! > > jake > > On Mon, 8 Sep 2014 19:16:30 +0000 Pat Riehecky wrote: >> Synopsis: Important: thunderbird security update >> Advisory ID: SLSA-2014:1166-1 >> Issue Date: 2014-09-08 >> CVE Numbers: CVE-2014-3577 >> -- >> >> It was discovered that the HTTPClient incorrectly extracted host name from >> an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle >> attacker could use this flaw to spoof an SSL server using a specially >> crafted X.509 certificate. (CVE-2014-3577) >> -- >> >> SL5 >> x86_64 >> jakarta-commons-httpclient-debuginfo-3.0-7jpp.4.el5_10.x86_64.rpm >> jakarta-commons-httpclient-demo-3.0-7jpp.4.el5_10.x86_64.rpm >> jakarta-commons-httpclient-javadoc-3.0-7jpp.4.el5_10.x86_64.rpm >> jakarta-commons-httpclient-manual-3.0-7jpp.4.el5_10.x86_64.rpm >> i386 >> jakarta-commons-httpclient-3.0-7jpp.4.el5_10.i386.rpm >> jakarta-commons-httpclient-debuginfo-3.0-7jpp.4.el5_10.i386.rpm >> jakarta-commons-httpclient-demo-3.0-7jpp.4.el5_10.i386.rpm >> jakarta-commons-httpclient-javadoc-3.0-7jpp.4.el5_10.i386.rpm >> jakarta-commons-httpclient-manual-3.0-7jpp.4.el5_10.i386.rpm >> SL6 >> x86_64 >> jakarta-commons-httpclient-3.1-0.9.el6_5.x86_64.rpm >> jakarta-commons-httpclient-debuginfo-3.1-0.9.el6_5.x86_64.rpm >> jakarta-commons-httpclient-demo-3.1-0.9.el6_5.x86_64.rpm >> jakarta-commons-httpclient-javadoc-3.1-0.9.el6_5.x86_64.rpm >> jakarta-commons-httpclient-manual-3.1-0.9.el6_5.x86_64.rpm >> i386 >> jakarta-commons-httpclient-3.1-0.9.el6_5.i686.rpm >> jakarta-commons-httpclient-debuginfo-3.1-0.9.el6_5.i686.rpm >> jakarta-commons-httpclient-demo-3.1-0.9.el6_5.i686.rpm >> jakarta-commons-httpclient-javadoc-3.1-0.9.el6_5.i686.rpm >> jakarta-commons-httpclient-manual-3.1-0.9.el6_5.i686.rpm >> >> - Scientific Linux Development Team >> > -- Pat Riehecky Scientific Linux developer http://www.scientificlinux.org/