Bug#267040: gcjwebplugin runs untrusted code without sandbox

Ben Hutchings ben at decadent.org.uk
Sun Sep 7 16:39:28 UTC 2008


gcjwebplugin is a Java plugin for web browsers.  It does not include the
security manager which is a crucial part of the "sandboxing" of Java
applets.  The maintainers have "fixed" this bug (#267040) merely by
adding a warning prompt before running applets, which is well known to
be an insufficient means of protecting users from malware.  Please do
not include it in lenny.  (Unfortunately it is built from the classpath
source package, so that will have to be modified to remove it.)

Ben.

-- 
Ben Hutchings
Design a system any fool can use, and only a fool will want to use it.