Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 330663

Summary: <dev-java/ibm-{jdk,jre}-bin-{1.5.0.12_p1, 1.6.0.8_p1}: Multiple Vulnerabilities
Product: Gentoo Security Reporter: Michael Weber (RETIRED) <xmw>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: dkarasik, java
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 215614    

Description Michael Weber (RETIRED) gentoo-dev 2010-07-31 23:10:32 UTC
i've just seen this newer version of the 1.5 series, thanks
Comment 1 Dmitry Karasik 2010-09-16 18:58:39 UTC
1.5.0.12 FP1 and 1.6.0.8 FP1 are now out
Comment 2 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-09-16 21:30:28 UTC
Seems there are security reasons for the bumps:

1.6 slot: http://www.ibm.com/developerworks/java/jdk/alerts/ mentions     CVE-2010-0887
1.5 slot: http://www-01.ibm.com/support/docview.wss?uid=swg21420576 mentions some sun security bulletins (at least in .11 FP 2 which we don't have so .12 FP1 will work too)

Comment 3 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-09-16 21:50:40 UTC
Please stabilize:
dev-java/ibm-jdk-bin-1.6.0.8_p1
dev-java/ibm-jdk-bin-1.5.0.12_p1
dev-java/ibm-jre-bin-1.6.0.8_p1
dev-java/ibm-jre-bin-1.5.0.12_p1

distfiles will be available as usual via ssh in d.g.o:~caster/tmp
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2010-09-17 06:12:44 UTC
(In reply to comment #3)
> Please stabilize:
> dev-java/ibm-jdk-bin-1.5.0.12_p1
> dev-java/ibm-jre-bin-1.5.0.12_p1
> 
> distfiles will be available as usual via ssh in d.g.o:~caster/tmp

 Those distfiles are not there.
Comment 5 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-09-20 15:38:58 UTC
(In reply to comment #4)
>  Those distfiles are not there.
 
Fixed, sorry.
Comment 6 Markos Chandras (RETIRED) gentoo-dev 2010-09-26 12:07:34 UTC
amd64 done
Comment 7 Brent Baude (RETIRED) gentoo-dev 2010-09-28 22:27:11 UTC
ppc64 and ppc done
Comment 8 Markus Meier gentoo-dev 2010-10-05 20:29:08 UTC
x86 stable, all arches done.
Comment 9 Stefan Behte (RETIRED) gentoo-dev Security 2010-10-07 21:52:18 UTC
GLSA request filed.
Comment 10 Aaron Bauman (RETIRED) gentoo-dev 2016-03-05 11:26:32 UTC
A quick search shows no results for a GLSA that was released per previous comments.

The issue was fixed in later releases from Sun and marked stable.  No vulnerable versions are in the tree as of a long time.  The package is also masked.