Security Patches

[Deepak Mathews]

Hi,

Thank you Tim for your prompt reply.

Actually, there are more security issues...

These are the bug ids.
269868, 269869, 269870, 270474, 270475, 270476

http://blogs.sun.com/security/entry/advance_notification_of_security_updates6

http://blogs.sun.com/security/entry/sun_alert_269868_the_java
http://blogs.sun.com/security/entry/sun_alert_269869_command_execution
http://blogs.sun.com/security/entry/sun_alert_269870_security_vulnerability

http://blogs.sun.com/security/entry/sun_alert_270474_buffer_and
http://blogs.sun.com/security/entry/sun_alert_270475_a_security
http://blogs.sun.com/security/entry/sun_alert_270476_two_security

Thanks.
Deepak

On Mon, Dec 7, 2009 at 11:09 AM, Tim Bell <Tim.Bell at sun.com> wrote:

> Deepak Mathews wrote:
>
> > Does OpenJDK share a lot of codebase with SunJDK.
>
> Yes, it does.
>
> > There was a security issue for SunJDK...
>
> ... ?? specific details please ??
>
> > A command execution vulnerability in the Java Runtime Environment
> Deployment
> > Toolkit may be leveraged to execute arbitrary code. This may occur as the
> > result of a user of the Java Runtime Environment viewing a specially
> crafted
> > web page that exploits this vulnerability.
> >
> > This issue can occur in the following Java SE and Java SE for Business
> > releases for Windows:
> >
> > JDK and JRE 6 Update 16 and earlier
> > Note: JDK and JRE 5.0, and SDK and JRE 1.4.2 and 1.3.1 are not affected
> by
> > this issue.
> >
> > The security issues for SunJDK... Will this affect OpenJDK 7 also?
>
> Where did you get the text pasted above?  Were there bug-ID(s) referenced,
> and if so, what were they?
>
> JDK7 is currently in sync with security fixes, but we won't be
> able to track this down for sure without more information.
>
> Thx-
>
> Tim
>
>