Summary: | <dev-java/ibm-{jdk,jre}-bin-{1.5.0.12_p1, 1.6.0.8_p1}: Multiple Vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Weber (RETIRED) <xmw> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | dkarasik, java |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 215614 |
Description
Michael Weber (RETIRED)
2010-07-31 23:10:32 UTC
1.5.0.12 FP1 and 1.6.0.8 FP1 are now out Seems there are security reasons for the bumps: 1.6 slot: http://www.ibm.com/developerworks/java/jdk/alerts/ mentions CVE-2010-0887 1.5 slot: http://www-01.ibm.com/support/docview.wss?uid=swg21420576 mentions some sun security bulletins (at least in .11 FP 2 which we don't have so .12 FP1 will work too) Please stabilize: dev-java/ibm-jdk-bin-1.6.0.8_p1 dev-java/ibm-jdk-bin-1.5.0.12_p1 dev-java/ibm-jre-bin-1.6.0.8_p1 dev-java/ibm-jre-bin-1.5.0.12_p1 distfiles will be available as usual via ssh in d.g.o:~caster/tmp (In reply to comment #3) > Please stabilize: > dev-java/ibm-jdk-bin-1.5.0.12_p1 > dev-java/ibm-jre-bin-1.5.0.12_p1 > > distfiles will be available as usual via ssh in d.g.o:~caster/tmp Those distfiles are not there. (In reply to comment #4) > Those distfiles are not there. Fixed, sorry. amd64 done ppc64 and ppc done x86 stable, all arches done. GLSA request filed. A quick search shows no results for a GLSA that was released per previous comments. The issue was fixed in later releases from Sun and marked stable. No vulnerable versions are in the tree as of a long time. The package is also masked. Packages dropped 25 Mar 2011 per [0]. [0]: https://gitweb.gentoo.org/data/gentoo-changelogs.git/diff/dev-java/ibm-jre-bin/ChangeLog-2015?id=24fda3d26454a64df85305138f44cae40c7b9678 |