As usual, bugs in Sun JDK are likely to affect other vendors also due to shared classes etc, and updatess come after a while after Sun updates. The IBM JDK 126.96.36.199 update I noticed today mentions the following security stuff in changelog (which you probably can't access without login to IBM site):
asdev-20080626 136205 IZ24898 c N/A Sun Security Bulletin 150_16
jsdev-20080613 134284 IZ24844 c 6581221 Sun Security fixes 6450319 6557220 6581221 6607339 6661918
xs2dev-20080613 134284 IZ24844 c 6581221 Sun Security fixes 6450319 6557220 6581221 6607339 6661918
Some of the fix numbers are mentioned in Sun advisories in bug 231337. Not sure if all apply to IBM and are fixed in this version. Seems IBM didn't release own advisory yet. I'll at least put the new version in tree and ask for stabling. There are no updates for slots 1.6 and 1.4 yet.
Thanks for following this up, please cc arches as yo push updates.
Arches please stabilize ibm-jdk-bin and ibm-jre-bin 188.8.131.52. Distfiles as usual via ssh d.g.o/~caster/tmp
ppc stable for 184.108.40.206
Bah, instead of the other slots they released 220.127.116.11a which has "Sun Security fix 6332953" which is probably this vuln: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1
So please stabilize ibm-jdk-bin and ibm-jre-bin 18.104.22.168a. Distfiles as usual.
ppc and ppc64 stable
x86 stable, all arches done for 1.5
So, IBM finally released alerts (in $URL) and a fixed 1.6 which I'm gonna update. No 1.4 yet.
ppc/ppc64 please stabilize (other arches don't have any 1.6 stable yet)
distfiles as usual
(In reply to comment #11)
> ppc/ppc64 please stabilize (other arches don't have any 1.6 stable yet)
actually adding arches to CC, sorry...
Please stabilize the finally released 22.214.171.124 (jdk and jre), as usual.
Turns out in bug 240384 that I've used old distfiles for the javacomm optional stuff in 1.6, so ppc/ppc64 please stabilize also ibm-jdk-bin-126.96.36.199-r1 thanks.
188.8.131.52-r1 stable on ppc/ppc64.
(In reply to comment #17)
> 184.108.40.206-r1 stable on ppc/ppc64.
Please do also 220.127.116.11 (jdk and jre) see comment 14, sorry for confusion.
whoops.. 18.104.22.168 (jdk and jre) stable on ppc/ppc64, too.
all done except glsa
request filed, thanks caster.
Looks officially obsoleted/additive to bug 252416 now.
This issue has been fixed since Oct 15, 2008. No GLSA will be issued.