Fix for JDK Double.parseDouble infinite loop
Dr Andrew John Hughes
gnu_andrew at member.fsf.org
Mon Feb 7 22:23:22 UTC 2011
On 7 February 2011 21:48, Mark Wielaard <mark at klomp.org> wrote:
> On Wed, February 2, 2011 17:16, Andrew Haley wrote:
>> The post on
>> http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
>
> This is hitting more and more media. e.g.
> http://www.channelregister.co.uk/2011/02/07/java_denial_of_service_bug/
>
> Since it seems to be a pretty serious security/denial of service attack
> maybe we could at least get the fix into IcedTea6 and warn the various
> distros they should apply it asap for their users?
>
> Cheers,
>
> Mark
>
>
I'll add it tomorrow. I expect new IcedTea6 releases soon to coincide
with the Oracle SSR; see
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
--
Andrew :-)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and the OpenJDK
http://www.gnu.org/software/classpath
http://openjdk.java.net
PGP Key: F5862A37 (https://keys.indymedia.org/)
Fingerprint = EA30 D855 D50F 90CD F54D 0698 0713 C3ED F586 2A37
More information about the core-libs-dev
mailing list