Bug#: 96092
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Stefan Tittel <bugreports@tittel.net>
Bug 96092 depends on: 96229

Description:   Opened: 2005-06-14 09:20 0000
A vulnerability in the Java Runtime Environment provided by
dev-java/sun-jdk-1.4.2.07-r1 may allow an untrusted applet to elevate its
privileges. For example, an applet may grant itself permissions to read and
write local files or execute local applications that are accessible to the user
running the untrusted applet.

For further details please have a look at the URL specified.

Affected are all Sun 1.4 JDKs <=1.4.2_07, so it hits
dev-java/sun-jdk-1.4.2.07-r1. The actual stable-lead dev-java/sun-jdk-1.4.2.08
seems to be fine, so removing or hard masking dev-java/sun-jdk-1.4.2.07-r1
should do the trick.

Also other JDKs like dev-java/blackdown-jdk or dev-java/compaq-jdk might be
affected; this should be investigated.

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-06-14 12:41:12 0000 -------
Java, please advise also on other Java flavors.

------- Comment #2 From Thierry Carrez (RETIRED) 2005-06-16 09:04:54 0000 -------
1.4.2.08 is released and stable on the right platforms. I would say this is
ready for a common GLSA with bug 96229.

------- Comment #3 From Jan Brinkmann (RETIRED) 2005-06-16 10:03:33 0000 -------
removed the vulnerable version

------- Comment #4 From Thierry Carrez (RETIRED) 2005-06-19 12:02:46 0000 -------
GLSA 200506-14
