http://java.sun.com/javase/downloads/index.jsp

Changelog mentions a Buffer Overflow in sun.font.TrueTypeFont.getTableBuffer
http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_04

We should get 1.6.0.04 in the tree ASAP and Mask 1.6.0.03!
Maybe the site changed in between, but it mentions that a "StackOverflowError" was caused in that function. Since that happens gracefully within the JVM, how is that a security vulnerability? Java herd, did I miss something?
(In reply to comment #1)
> Maybe the site changed in between, but it mentions that a "StackOverflowError"
> was caused in that function. Since that happens gracefully within the JVM, how
> is that a security vulnerability?

Exactly, it's in the Java code, so it's safe. The associated bug also shows a Java exception stack trace, no segfault. Also, I'm sure Sun would release some advisory. I expect one anyway, even wanted to open a security bug like "new version was released, there must be something with the old" when I noticed the release :)

So for now, just a version bump bug, and we are, as usual, waiting for the release under the DLJ license...
In CVS.
Thanks! :)