Extremely dangerous remote vulnerability

Brian Gardner openjdk at getsnappy.com
Tue Aug 25 12:50:51 PDT 2009 

It looks like build 17 is right around the corner and will contain  
this security fix amongst others.  I'll get this out as soon as it is  
published.





OpenJDK 6 build 17 coming soon

Joe Darcy Joe.Darcy at Sun.COM
Tue Aug 4 19:23:03 PDT 2009

Previous message: hg: jdk6/jdk6/langtools: 6803688: Integrate latest  
JAX-WS (2.1.6) in	to JDK 6u14
Next message: OpenJDK 6 build 17 coming soon
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello.

Build 17 of OpenJDK 6 will conclude after the remainder of the
security-related fixes get back into the repository and the hs14 merge
has been completed.

-Joe


On Aug 25, 2009, at 12:09 PM, Joseph D. Darcy wrote:

> Brian Gardner wrote:
>> Hello,
>> My name is Brian Gardner and I'm the maintainer of openjdk6 on  
>> FreeBSD.  It looks like their is a severe vulnerability in openjdk  
>> 6, however I don't see a fix in mercurial yet.  Is there a patch I  
>> can apply to our port?
>
> The OpenJDK 6 Mercurial forest (http://hg.openjdk.java.net/jdk6/ 
> jdk6/) is kept up to date with published security fixes.  The latest  
> round of security fixes were pushed into OpenJDK 6 on August 4 and  
> 5; you can find the particular changesets in the mailing list  
> archives:
> http://mail.openjdk.java.net/pipermail/jdk6-dev/2009-August/ 
> thread.html
>
> -Joe
>
>>
>> Begin forwarded message:
>>
>>> *From: *Artefact2 <artefact2 at gmail.com <mailto:artefact2 at gmail.com>>
>>> *Date: *August 25, 2009 3:48:48 AM PDT
>>> *To: *openjdk at getsnappy.com <mailto:openjdk at getsnappy.com>
>>> *Subject: **Extremely dangerous remote vulnerability*
>>>
>>> Hello there,
>>>
>>> According to
>>> http://www.cert.fi/en/reports/2009/vulnerability2009085.html , all  
>>> the
>>> JVMs availible on FreeBSD are affected by that vulnerability.
>>>
>>> That allows anyone to execute arbitrary code remotely where a XML
>>> parser is involved... Updating to Java 1.6 update 15 fixes the  
>>> problem.
>>> Is it possible to update that port to OpenJDK equivalent of update  
>>> 15 ?
>>>
>>> Thanks for providing OpenJDK6 for FreeBSD and for your help.
>>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/jdk6-dev/attachments/20090825/b16599fd/attachment.html

More information about the jdk6-dev mailing list