Comment 21 for bug 1115053

I rewrote the description on CVE-2012-3439.patch and fixed the whitespace changes in CVE-2012-0022.patch as far as I saw them.

CVE-2012-3439 gave me quite some headache since the testcases upstream changed already before a lot and it was hard to adopt to the oneiric version. Either I would have to try to backport all the changes from upstream which might mean to change more or less the whole TesterDigestAuthenticatorPerformance.java and cause some further errors because of some changes done somewhere else. Or I leave the testcases as they are and just adopt the needed changes made in the methods in DigestAuthenticator.java.
I went with the second option since the actual security bug was patched in DigestAuthenticator.java. This let me omit the inclusion of ConcurrentMessageDigest.java since this class is just used in the updated testcases. I think it was the rigth decision but let me know if you think different.

This just as an additional information to the DEP-3 description in CVE-2012-3439.patch.