| Summary: | dev-java/{ibm-jdk-bin\|ibm-jre-bin}-{1.4.2.8\|1.5.0.5} affected by GLSA 200705-23 | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Vlastimil Babka (Caster) (RETIRED) <caster> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | java |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://scary.beasts.org/security/CESA-2006-004.html | | |
| Whiteboard: | B4? [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 215614 | | |

Description
Vlastimil Babka (Caster) (RETIRED)
2007-07-22 21:57:36 UTC
Arches please stabilize:
dev-java/ibm-jdk-bin-1.4.2.9
dev-java/ibm-jre-bin-1.4.2.9

Sorry to amd64 which just stabilized 1.4.2.8 before I found out about the new one :)

You can get the distfiles via ssh from d.g.o/~caster/tmp to avoid hassle with IBM accounts.

(In reply to comment #1)
> You can get the distfiles via ssh from d.g.o/~caster/tmp to avoid hassle with
> IBM accounts.

To be honest: This type of download restriction is a fucking piece of shit and I just hate it. If I ever meet the responsible person I will hit him/her hard in the face.

x86 stable

ppc64 stable

ppc stable

amd64 stable

OK, so IBM released 1.5.0.5a which is just security fixes and apparently fixes this one vulnerability. Added to tree, arches please stabilize:
dev-java/ibm-jdk-bin-1.5.0.5a
dev-java/ibm-jre-bin-1.5.0.5a

Note that jre SLOT 1.5 was not stable yet, but 1) 1.5.0.5 was there in ~arch for two months and 1.5.0.5a is only security fix (according to changelog) and 2) jre is just a subset of jdk which is stable, so I think there's no need to wait 30 days.

You can get the distfiles again per comment 1. (I'm still uploading though, so you might have to wait if you are too fast :)

x86 stable

ppc stable

ppc64 stable

amd64 stable

Which was last arch.

I'll vote yes - the linked URL is talking about exploitable buffer overflows.

Voting yes too, maybe combined with the sun jdk/jre draft.

GLSA 200806-11