openjdk team mailing list archive
-
openjdk team
-
Mailing list archive
-
Message #06132
Bug#629852: openjdk-6?
Hi,
Le jeudi 30 juin 2011 18:20:03, Harald Staub a écrit :
> The security tracker still shows openjdk-6 as "needs to be checked", e.g.:
> http://security-tracker.debian.org/tracker/CVE-2011-0872
>
> OTOH, Ubuntu has issued a Security Notice for openjdk-6 on June 17:
> http://www.ubuntu.com/usn/usn-1154-1/
>
> So I should assume the Debian stable package to be vulnerable?
Ubuntu had just released a new upstream security release of IcedTea [0] which
aggregate multiple security bugfixes from Oracle. It's not a specific security
release for this bug.
From RedHat bugtracket [1] and from IcedTea [2] repository, this issues seems
only related to Windows handling of selector (and only windows files are
touched by this patch).
So this particular security issue doesn't need an urgent upload for openjdk-6.
[0] http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-
June/014607.html
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0872
[2]
http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/8d393fbff5d3/patches/security/20110607/6213702.patch
Cheers,
--
Damien - Debian Developper
http://wiki.debian.org/DamienRaudeMorvan