[tdf-discuss] Re: LibreOffice and Java Security: OpenJDK Vulnerability
On 01/15/2013 10:58 AM, Dennis E. Hamilton wrote: Again, thanks to Simon Phipps for retweeting the information. It appears that one should *not* assume that OpenJDK does not share vulnerabilities with the Oracle Java SE and JDK: The log of changes to OpenJDK for the recent vulnerability (just as indication of the Oracle updating of OpenJDK): http://mail.openjdk.java.net/pipermail/jdk7u-dev/2013-January/005354.html The CVE: http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html There is still reporting that this update is not a complete fix. I have not found a reliable technical source that makes clear what the remaining concern is, or if it is simply a lag in reports that have not recognized the latest patches. - Dennis Security releases for OpenJDK and Icedtea were released yesterday (Tues Jan 17). Of course I reckon that it will take awhile for the builds to get pushed to the distro's. http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/ http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/ -- Unsubscribe instructions: E-mail to discuss+h...@documentfoundation.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
[tdf-discuss] Re: LibreOffice and Java Security: OpenJDK Vulnerability
On 01/16/2013 10:36 AM, NoOp wrote: ... Security releases for OpenJDK and Icedtea were released yesterday (Tues Jan 17). Of course I reckon that it will take awhile for the builds to get pushed to the distro's. http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/ http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/ Sorry, looks like I have URL stutter... here is the correct second URL: http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/ -- Unsubscribe instructions: E-mail to discuss+h...@documentfoundation.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
[tdf-discuss] Re: LibreOffice and Java Security:
On 01/12/2013 09:53 PM, Larry Gusaas wrote: On 2013-01-12 9:22 PM lj wrote: Hi all, I am not sure if this is the correct list for this message. I recently read this article about a Java 1.7 Security Problem. The article states The U.S. Department of Homeland Security has recommended that users disable the Java 7 browser plug-in entirely. There have been multiple security vulnerabilities in the browser plug-in over the years and it is best not to enable java in your browser. Does this problem concern LibreOffice and Java??? No. It only affects the browser plug-in. ... I wonder... http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://docs.libreoffice.org/ (search on java in that page) -- Unsubscribe instructions: E-mail to discuss+h...@documentfoundation.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
[tdf-discuss] Re: LibreOffice and Java Security:
On 2013-01-12 9:22 PM lj wrote: Hi all, I am not sure if this is the correct list for this message. I recently read this article about a Java 1.7 Security Problem. The article states The U.S. Department of Homeland Security has recommended that users disable the Java 7 browser plug-in entirely. There have been multiple security vulnerabilities in the browser plug-in over the years and it is best not to enable java in your browser. Does this problem concern LibreOffice and Java??? No. It only affects the browser plug-in. This macrumors article post and reads that this problem effects java versions 4-7. At the moment oracle are at java 7. http://www.macrumors.com/2013/01/11/apple-blocks-java-7-on-os-x-to-address-widespread-security-threat/ The full title of the article is Apple Blocks Java 7 Plug-in on OS X to Address Widespread Security Threat -- _ Larry I. Gusaas Moose Jaw, Saskatchewan Canada Website: http://larry-gusaas.com An artist is never ahead of his time but most people are far behind theirs. - Edgard Varese -- Unsubscribe instructions: E-mail to discuss+h...@documentfoundation.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted