Fwd: Extremely dangerous remote vulnerability
Brian Gardner
openjdk at getsnappy.com
Tue Aug 25 07:19:37 PDT 2009
Hello,
My name is Brian Gardner and I'm the maintainer of openjdk6 on
FreeBSD. It looks like there is a severe vulnerability in openjdk 6,
however I don't see a fix in mercurial yet. Is there a patch I can
apply to our port?
Begin forwarded message:
> From: Artefact2 <artefact2 at gmail.com>
> Date: August 25, 2009 3:48:48 AM PDT
> To: openjdk at getsnappy.com
> Subject: Extremely dangerous remote vulnerability
>
> Hello there,
>
> According to
> http://www.cert.fi/en/reports/2009/vulnerability2009085.html , all the
> JVMs available on FreeBSD are affected by that vulnerability.
>
> That allows anyone to execute arbitrary code remotely where an XML
> parser is involved... Updating to Java 1.6 update 15 fixes the
> problem.
> Is it possible to update that port to OpenJDK equivalent of update
> 15 ?
>
> Thanks for providing OpenJDK6 for FreeBSD and for your help.