On Fri, 18 Jan 2013 23:53:27 +0100, Landry Breuil wrote:

>On Sun, Jan 13, 2013 at 05:30:31PM +0100, Landry Breuil wrote:
>> On Sat, Jan 12, 2013 at 04:56:15PM -0600, Ed Ahlsen-Girard wrote:
>> > Do these:
>> >
>> >
>> > Vulnerability Note VU#625617
>> >
>> > Alert (TA13-010A)
>> >
>> > apply to the IcedTea in packages?
>>
>> No fu****g idea, when in doubt consider yes. There's no related commit
>> in their hg tree. Java sucks, news at 11.
>
>After a bit more digging :
>https://bugzilla.redhat.com/show_bug.cgi?id=894172
>So it seems our icedtea-web was vulnerable because we build it with jdk
>1.7 (redhat builds it with openjdk 6) - but kurt@ has just committed an
>update to a jdk 1.7 with a fix for the CVE :
>http://marc.info/?l=openbsd-ports-cvs&m=135854826231558&w=2
>
>So I think we should be good now.

Unless this is factual
http://developers.slashdot.org/story/13/01/18/1838243/latest-java-update-broken-two-new-sandbox-bypass-flaws-found

>
>Landry
>

*** NOTE *** Please DO NOT CC me. I <am> subscribed to the list.
Mail to the sender address that does not originate at the list server is tarpitted.
The reply-to: address is provided for those who feel compelled to reply off list.
Thank you.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.