openjdk team mailing list archive

Thread
Date

Bug#629852: openjdk-6?

To: Harald Staub <harald.staub@xxxxxxxxx>, 629852@xxxxxxxxxxxxxxx
From: "Damien Raude-Morvan" <drazzib@xxxxxxxxxx>
Date: Thu, 30 Jun 2011 21:48:17 +0200
In-reply-to: <4E0CA233.6070000@switch.ch>
Reply-to: Damien Raude-Morvan <drazzib@xxxxxxxxxx>, 629852@xxxxxxxxxxxxxxx
Resent-cc: OpenJDK Team <openjdk@xxxxxxxxxxxxxxxxxxx>, Debian Java Maintainers <pkg-java-maintainers@xxxxxxxxxxxxxxxxxxxxxxx>
Resent-date: Thu, 30 Jun 2011 19:51:02 +0000
Resent-from: "Damien Raude-Morvan" <drazzib@xxxxxxxxxx>
Resent-message-id: <handler.629852.B629852.130946330621266@xxxxxxxxxxxxxxx>
Resent-sender: Debian BTS <debbugs@xxxxxxxxxxxxxxxxx>
Resent-to: debian-bugs-dist@xxxxxxxxxxxxxxxx
User-agent: KMail/1.13.7 (Linux/3.0.0-rc4-amd64; KDE/4.6.4; x86_64; ; )

Hi,

Le jeudi 30 juin 2011 18:20:03, Harald Staub a écrit :
> The security tracker still shows openjdk-6 as "needs to be checked", e.g.:
> http://security-tracker.debian.org/tracker/CVE-2011-0872
> 
> OTOH, Ubuntu has issued a Security Notice for openjdk-6 on June 17:
> http://www.ubuntu.com/usn/usn-1154-1/
> 
> So I should assume the Debian stable package to be vulnerable?

Ubuntu had just released a new upstream security release of IcedTea [0] which 
aggregate multiple security bugfixes from Oracle. It's not a specific security 
release for this bug.

From RedHat bugtracket [1] and from IcedTea [2] repository, this issues seems 
only related to Windows handling of selector (and only windows files are 
touched by this patch).

So this particular security issue doesn't need an urgent upload for openjdk-6.

[0] http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-
June/014607.html
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0872
[2] 
http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/8d393fbff5d3/patches/security/20110607/6213702.patch

Cheers,
-- 
Damien - Debian Developper
http://wiki.debian.org/DamienRaudeMorvan