Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 59598 - <=dev-java/sun-jdk-1.4.2.04: Java Runtime Environment May Allow Untrusted Applets to Escalate Privileges
Summary: <=dev-java/sun-jdk-1.4.2.04: Java Runtime Environment May Allow Untrusted App...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High minor (vote)
Assignee: Gentoo Security
URL: http://sunsolve.sun.com/pub-cgi/retri...
Whiteboard: B4 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2004-08-06 02:56 UTC by Carsten Lohrke (RETIRED)
Modified: 2011-10-30 22:39 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carsten Lohrke (RETIRED) gentoo-dev 2004-08-06 02:56:48 UTC 
The XSLT processor included with the Java Runtime Environment (JRE) may allow an untrusted applet to read data from another applet that is processed using the XSLT processor and may allow the untrusted applet to escalate privileges.
Comment 1 Carsten Lohrke (RETIRED) gentoo-dev 2004-08-06 02:59:59 UTC 
sdk and jre are affected of course
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2004-08-06 06:08:40 UTC 
Affected :
 SDK and JRE 1.4.2_04 or earlier
 SDK and JRE 1.4.1_07 or earlier
 SDK and JRE 1.4.0_04 or earlier

Unaffected :
 SDK and JRE 1.4.2_05 or later

x86 or Java team: please mark sun-jdk-1.4.2_05 stable on x86
Java team: please remove affected versions.
Comment 3 Thomas Matthijs (RETIRED) gentoo-dev 2004-08-06 07:14:26 UTC 
done
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2004-08-07 03:33:26 UTC 
Ready for a GLSA should we need one.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-08 11:23:44 UTC 
I vote for no GLSA on this one.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-10 12:13:02 UTC 
Closing without GLSA.
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-11 05:32:00 UTC 
You were warned:)