openjdk team mailing list archive

Thread
Date

[Bug 1224723] Re: Clamscan finds CVE-2013-2465 in openjdk-6-jre-headless

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Mon, 30 Sep 2013 22:12:21 -0000
Reply-to: Bug 1224723 <1224723@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I've submitted the false positive to ClamAV.

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in Ubuntu.
https://bugs.launchpad.net/bugs/1224723

Title:
  Clamscan finds CVE-2013-2465 in openjdk-6-jre-headless

Status in “clamav” package in Ubuntu:
  Invalid
Status in “openjdk-6” package in Ubuntu:
  Invalid

Bug description:
  Running a clamscan on a Ubuntu 12.04.3 system reports that
  vunlerability CVE-2013-2465 was detected in version
  6b27-1.12.6-1ubuntu0.12.04.2 of openjdk-6-jre-headless:

  Run this:
  #/usr/bin/clamscan -ri --max-filesize=100M /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/

  Get this:
  /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar: Java.Exploit.CVE_2013_2465 FOUND

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1224723/+subscriptions