openjdk team mailing list archive

Thread
Date

[Bug 1224723] Re: Clamscan finds CVE-2013-2465 in openjdk-6-jre-headless

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Mon, 30 Sep 2013 19:51:23 -0000
Reply-to: Bug 1224723 <1224723@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Thanks for reporting this.

It looks like a false positive. None of the files are detected as being
a virus once the archive is extracted, and online scanner don't detect
the file as a virus.

I've updated the list of known false positives here:

http://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-
tracker/master/view/head:/README.virus

Thanks!

** Changed in: openjdk-6 (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in Ubuntu.
https://bugs.launchpad.net/bugs/1224723

Title:
  Clamscan finds CVE-2013-2465 in openjdk-6-jre-headless

Status in “openjdk-6” package in Ubuntu:
  Invalid

Bug description:
  Running a clamscan on a Ubuntu 12.04.3 system reports that
  vunlerability CVE-2013-2465 was detected in version
  6b27-1.12.6-1ubuntu0.12.04.2 of openjdk-6-jre-headless:

  Run this:
  #/usr/bin/clamscan -ri --max-filesize=100M /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/

  Get this:
  /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar: Java.Exploit.CVE_2013_2465 FOUND

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1224723/+subscriptions