Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 330663 - <dev-java/ibm-{jdk,jre}-bin-{1.5.0.12_p1, 1.6.0.8_p1}: Multiple Vulnerabilities
Summary: <dev-java/ibm-{jdk,jre}-bin-{1.5.0.12_p1, 1.6.0.8_p1}: Multiple Vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [noglsa]
Keywords:
Depends on:
Blocks: java-security
  Show dependency tree
 
Reported: 2010-07-31 23:10 UTC by Michael Weber (RETIRED)
Modified: 2016-03-05 11:40 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Weber (RETIRED) gentoo-dev 2010-07-31 23:10:32 UTC
i've just seen this newer version of the 1.5 series, thanks
Comment 1 Dmitry Karasik 2010-09-16 18:58:39 UTC
1.5.0.12 FP1 and 1.6.0.8 FP1 are now out
Comment 2 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-09-16 21:30:28 UTC
Seems there are security reasons for the bumps:

1.6 slot: http://www.ibm.com/developerworks/java/jdk/alerts/ mentions     CVE-2010-0887
1.5 slot: http://www-01.ibm.com/support/docview.wss?uid=swg21420576 mentions some sun security bulletins (at least in .11 FP 2 which we don't have so .12 FP1 will work too)

Comment 3 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-09-16 21:50:40 UTC
Please stabilize:
dev-java/ibm-jdk-bin-1.6.0.8_p1
dev-java/ibm-jdk-bin-1.5.0.12_p1
dev-java/ibm-jre-bin-1.6.0.8_p1
dev-java/ibm-jre-bin-1.5.0.12_p1

distfiles will be available as usual via ssh in d.g.o:~caster/tmp
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2010-09-17 06:12:44 UTC
(In reply to comment #3)
> Please stabilize:
> dev-java/ibm-jdk-bin-1.5.0.12_p1
> dev-java/ibm-jre-bin-1.5.0.12_p1
> 
> distfiles will be available as usual via ssh in d.g.o:~caster/tmp

 Those distfiles are not there.
Comment 5 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-09-20 15:38:58 UTC
(In reply to comment #4)
>  Those distfiles are not there.
 
Fixed, sorry.
Comment 6 Markos Chandras (RETIRED) gentoo-dev 2010-09-26 12:07:34 UTC
amd64 done
Comment 7 Brent Baude (RETIRED) gentoo-dev 2010-09-28 22:27:11 UTC
ppc64 and ppc done
Comment 8 Markus Meier gentoo-dev 2010-10-05 20:29:08 UTC
x86 stable, all arches done.
Comment 9 Stefan Behte (RETIRED) gentoo-dev Security 2010-10-07 21:52:18 UTC
GLSA request filed.
Comment 10 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-03-05 11:26:32 UTC
A quick search shows no results for a GLSA that was released per previous comments.

The issue was fixed in later releases from Sun and marked stable.  No vulnerable versions are in the tree as of a long time.  The package is also masked.