oss-sec mailing list archives

Apache HttpClient CVE request [VU#153049]


From: Chad Dougherty <crd () cert org>
Date: Thu, 07 Apr 2011 14:43:42 -0400

Hello all,

Per the Apache HttpClient 4.1.1 release notes:

<http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt>

"The HttpClient 4.1.1 is a bug fix release that addresses a number of issues reported since release 4.1, including one critical security issue (HTTPCLIENT-1061). All users of HttpClient 4.0.x and 4.1 are strongly encouraged to upgrade.
[...]
* [HTTPCLIENT-1061] Fixed critical bug causing Proxy-Authorization header to be sent to the target host when tunneling requests through a proxy server that requires authentication.
  Contributed by Oleg Kalnichevski <olegk at apache.org>"

It doesn't look like this has received a CVE identifier and I didn't want to duplicate anyone by assigning one from our pool. Could someone please assign one?

Thanks...

        -Chad
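
The behaviour described in the HTTPCLIENT-1061 release note can be checked from the receiving side: capture request heads at a target host you control and flag any that carry a Proxy-Authorization header. The following is an added example, not part of the original post and not HttpClient code; the host name, credential and function names are constructed for illustration.

```python
import base64

# Constructed sample: request heads as the *target host* receives them once
# the client's tunnel through the proxy is up. Host and credential are made up.
_CRED = base64.b64encode(b"alice:constructed-secret").decode()
SAMPLE_ORIGIN_REQUESTS = [
    # Behaviour in the release note: the proxy credential reaches the target.
    f"GET /a HTTP/1.1\r\nHost: target.example\r\nProxy-Authorization: Basic {_CRED}\r\n\r\n",
    # Expected behaviour: nothing proxy-related is sent inside the tunnel.
    "GET /a HTTP/1.1\r\nHost: target.example\r\n\r\n",
    # Header names are case-insensitive, and the scheme need not be Basic.
    'POST /b HTTP/1.1\r\nHost: target.example\r\nproxy-authorization:  Digest username="alice"\r\n\r\n',
]

def parse_head(raw):
    """Split a raw HTTP/1.x request head into (request_line, [(name, value)])."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return lines[0], headers

def basic_user(value):
    """Return only the user name of a Basic credential, so the finding says
    whose proxy password to rotate without copying the password around."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    return decoded.partition(":")[0]

def find_leaks(requests):
    """Flag requests seen by the target that carry a Proxy-Authorization header."""
    findings = []
    for index, raw in enumerate(requests):
        request_line, headers = parse_head(raw)
        for name, value in headers:
            if name.lower() == "proxy-authorization":
                scheme = value.split(None, 1)[0] if value else ""
                findings.append({"index": index, "request": request_line,
                                 "scheme": scheme, "user": basic_user(value)})
    return findings
```

Any finding on the target side means the proxy credential for that user should be treated as exposed to that host.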

