As usual, bugs in Sun JDK are likely to affect other vendors also due to shared classes etc, and updatess come after a while after Sun updates. The IBM JDK 1.5.0.8 update I noticed today mentions the following security stuff in changelog (which you probably can't access without login to IBM site): asdev-20080626 136205 IZ24898 c N/A Sun Security Bulletin 150_16 jsdev-20080613 134284 IZ24844 c 6581221 Sun Security fixes 6450319 6557220 6581221 6607339 6661918 xs2dev-20080613 134284 IZ24844 c 6581221 Sun Security fixes 6450319 6557220 6581221 6607339 6661918 Some of the fix numbers are mentioned in Sun advisories in bug 231337. Not sure if all apply to IBM and are fixed in this version. Seems IBM didn't release own advisory yet. I'll at least put the new version in tree and ask for stabling. There are no updates for slots 1.6 and 1.4 yet.
Thanks for following this up, please cc arches as yo push updates.
Arches please stabilize ibm-jdk-bin and ibm-jre-bin 1.5.0.8. Distfiles as usual via ssh d.g.o/~caster/tmp
amd64/x86 stable
ppc64 stable
ppc stable for 1.5.0.8
Bah, instead of the other slots they released 1.5.0.8a which has "Sun Security fix 6332953" which is probably this vuln: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1 So please stabilize ibm-jdk-bin and ibm-jre-bin 1.5.0.8a. Distfiles as usual.
ppc and ppc64 stable
amd64 stable
x86 stable, all arches done for 1.5
So, IBM finally released alerts (in $URL) and a fixed 1.6 which I'm gonna update. No 1.4 yet.
ppc/ppc64 please stabilize (other arches don't have any 1.6 stable yet) dev-java/ibm-jdk-bin-1.6.0.2 distfiles as usual
(In reply to comment #11) > ppc/ppc64 please stabilize (other arches don't have any 1.6 stable yet) > dev-java/ibm-jdk-bin-1.6.0.2 actually adding arches to CC, sorry...
ppc/ppc64 stable
Please stabilize the finally released 1.4.2.12 (jdk and jre), as usual.
Turns out in bug 240384 that I've used old distfiles for the javacomm optional stuff in 1.6, so ppc/ppc64 please stabilize also ibm-jdk-bin-1.6.0.2-r1 thanks.
1.6.0.2-r1 stable on ppc/ppc64.
(In reply to comment #17) > 1.6.0.2-r1 stable on ppc/ppc64. Please do also 1.4.2.12 (jdk and jre) see comment 14, sorry for confusion.
whoops.. 1.4.2.12 (jdk and jre) stable on ppc/ppc64, too.
all done except glsa
request filed, thanks caster.
Looks officially obsoleted/additive to bug 252416 now.
This issue has been fixed since Oct 15, 2008. No GLSA will be issued.