Fwd: Extremely dangerous remote vulnerability
Joseph D. Darcy
Joe.Darcy at Sun.COM
Tue Aug 25 12:09:11 PDT 2009
Brian Gardner wrote:
> Hello,
> My name is Brian Gardner and I'm the maintainer of openjdk6 on
> FreeBSD. It looks like there is a severe vulnerability in openjdk 6,
> however I don't see a fix in mercurial yet. Is there a patch I can
> apply to our port?
The OpenJDK 6 Mercurial forest (http://hg.openjdk.java.net/jdk6/jdk6/)
is kept up to date with published security fixes. The latest round of
security fixes were pushed into OpenJDK 6 on August 4 and 5; you can
find the particular changesets in the mailing list archives:
http://mail.openjdk.java.net/pipermail/jdk6-dev/2009-August/thread.html
-Joe
>
> Begin forwarded message:
>
>> From: Artefact2 <artefact2 at gmail.com>
>> Date: August 25, 2009 3:48:48 AM PDT
>> To: openjdk at getsnappy.com
>> Subject: Extremely dangerous remote vulnerability
>>
>> Hello there,
>>
>> According to
>> http://www.cert.fi/en/reports/2009/vulnerability2009085.html , all the
>> JVMs available on FreeBSD are affected by that vulnerability.
>>
>> That allows anyone to execute arbitrary code remotely where an XML
>> parser is involved... Updating to Java 1.6 update 15 fixes the problem.
>> Is it possible to update that port to the OpenJDK equivalent of update 15?
>>
>> Thanks for providing OpenJDK6 for FreeBSD and for your help.
>