Bug#629852: openjdk-6?
Damien Raude-Morvan
drazzib at debian.org
Thu Jun 30 19:48:17 UTC 2011
Hi,
Le jeudi 30 juin 2011 18:20:03, Harald Staub a écrit :
> The security tracker still shows openjdk-6 as "needs to be checked", e.g.:
> http://security-tracker.debian.org/tracker/CVE-2011-0872
>
> OTOH, Ubuntu has issued a Security Notice for openjdk-6 on June 17:
> http://www.ubuntu.com/usn/usn-1154-1/
>
> So I should assume the Debian stable package to be vulnerable?
Ubuntu had just released a new upstream security release of IcedTea [0] which
aggregate multiple security bugfixes from Oracle. It's not a specific security
release for this bug.
From RedHat bugtracket [1] and from IcedTea [2] repository, this issues seems
only related to Windows handling of selector (and only windows files are
touched by this patch).
So this particular security issue doesn't need an urgent upload for openjdk-6.
[0] http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-
June/014607.html
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0872
[2]
http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/8d393fbff5d3/patches/security/20110607/6213702.patch
Cheers,
--
Damien - Debian Developper
http://wiki.debian.org/DamienRaudeMorvan
More information about the pkg-java-maintainers
mailing list