|Summary:||dev-java/sun-jdk Plugin Arbitrary Package Access Vulnerability - <=J2SE 1.4.2_04|
|Product:||Gentoo Security||Reporter:||Kevin Stadmeyer <Lev>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Whiteboard:||A2 [glsa] koon|
|Package list:||Runtime testing required:||---|
|Bug Depends on:||72221|
Description Kevin Stadmeyer 2004-11-22 19:04:43 UTC
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) 2004-11-22 23:11:31 UTC
Java please confirm/debunk this one.
Comment 2 Thomas Matthijs (RETIRED) 2004-11-24 12:37:28 UTC
sun-jdk/jre is at 1.4.2_06
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) 2004-11-24 23:32:13 UTC
RCE seems to be possible upgrading severity.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) 2004-11-25 01:52:16 UTC
Proposing combined GLSA with Blackdown bug #72221.
Comment 5 Thierry Carrez (RETIRED) 2004-11-25 01:56:39 UTC
Adjusting severity code : Sun JDK is quite used = A Passive compromise (needs defender to download untrusted applet) = 2 On combined GLSA idea : Depends on whether we get a stable mark there fast enough, but good idea
Comment 6 Thierry Carrez (RETIRED) 2004-11-26 13:59:31 UTC
GLSA drafted, still waiting on blackdown stable
Comment 7 Thierry Carrez (RETIRED) 2004-11-29 13:55:26 UTC