At least on my x86, the testcases found at $URL are crashing it similarly to Sun JDK (bug 178851, I think IBM licenses most of their code anyway). I'm bumping to 1.4.2.9 which I found to be released and that has it apparently fixed (safe java exception about bad ICC data instead of crash). But we'll need to wait for update of the 1.5 slot.
Arches please stabilize: dev-java/ibm-jdk-bin-1.4.2.9 dev-java/ibm-jre-bin-1.4.2.9 Sorry to amd64 which just stabilized 1.4.2.8 before I found out about the new one :) You can get the distfiles via ssh from d.g.o/~caster/tmp to avoid hassle with IBM accounts.
(In reply to comment #1) > You can get the distfiles via ssh from d.g.o/~caster/tmp to avoid hassle with > IBM accounts. To be honest: This type of download restriction is a fucking piece of shit and I just hate it. If I ever meet the responsible person I will hit him/her hard in the face. x86 stable
ppc64 stable
ppc stable
amd64 stable
OK, so IBM released 1.5.0.5a which is just security fixes and apparently fixes this one vulnerability. Added to tree, arches please stabilize: dev-java/ibm-jdk-bin-1.5.0.5a dev-java/ibm-jre-bin-1.5.0.5a Note that jre SLOT 1.5 was not stable yet, but 1) 1.5.0.5 was there in ~arch for two months and 1.5.0.5a is only security fix (according to changelog) and 2) jre is just a subset of jdk which is stable, so I think there's no need to wait 30 days. You can get the distfiles again per comment 1. (i'm still uploading tho so you might have to wait if you are too fast :)
x86 stable
Which was last arch.
I'll vote yes - the linked URL is talking about exploitable buffer overflows.
voting yes too, maybe combined with the sun jdk/jre draft.
GLSA 200806-11