Summary: | dev-java/sun-jdk Plugin Arbitrary Package Access Vulnerability - <=J2SE 1.4.2_04 | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kevin Stadmeyer <Lev> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | java |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities | ||
Whiteboard: | A2 [glsa] koon | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 72221 | ||
Bug Blocks: |
Description
Kevin Stadmeyer
2004-11-22 19:04:43 UTC
Java please confirm/debunk this one. sun-jdk/jre is at 1.4.2_06 RCE seems to be possible upgrading severity. Proposing combined GLSA with Blackdown bug #72221. Adjusting severity code : Sun JDK is quite used = A Passive compromise (needs defender to download untrusted applet) = 2 On combined GLSA idea : Depends on whether we get a stable mark there fast enough, but good idea GLSA drafted, still waiting on blackdown stable GLSA 200411-38 |