Fix for Sun Alert 246387 included in OpenJDk 6 b11?
Florian Weimer
fw at deneb.enyo.de
Mon Jun 8 13:44:59 UTC 2009
* Mark Wielaard:
> On Mon, 2009-06-08 at 15:32 +0200, Mark Wielaard wrote:
>> Hi Florian,
>>
>> On Mon, 2009-06-08 at 15:08 +0200, Florian Weimer wrote:
>> > Was the fix for Sun Alert 246387 (aka CVE-2008-5345) included in
>> > OpenJDK 6b11?
>>
>> I believe CVE-2008-5345 is a catch all for a bundle of security update
>> patches:
>> http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2009-March/005209.html
>> which were later folded into OpenJDK6 b16:
>> http://mail.openjdk.java.net/pipermail/jdk6-dev/2009-April/thread.html#436
>
> Better URLs of the release notes, including CVS numbers:
> http://langel.wordpress.com/2009/02/02/icedtea6-14-released/
> and other bug numbers:
> http://blogs.sun.com/darcy/entry/openjdk_6_sources_for_b14
> (Note b14, I said b16 before, but that contained other security fixes)
Sorry, but this is way too late to be relevant to my question (which
is about b11, not b14): The CVE-2008-5345 fix was not listed
explicitly in the b14 round of fixes, otherwise I'd have an isolated
patch I could examine.
More information about the core-libs-dev
mailing list