On 01/15/2013 10:58 AM, Dennis E. Hamilton wrote:
Again, thanks to Simon Phipps for retweeting the information.
It appears that one should *not* assume that OpenJDK does not share
vulnerabilities with the Oracle Java SE and JDK:
The log of changes to OpenJDK for the recent vulnerability (just as
indication of the Oracle updating of OpenJDK):
http://mail.openjdk.java.net/pipermail/jdk7u-dev/2013-January/005354.html
The CVE:
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
There is still reporting that this update is not a complete fix. I have not
found a reliable technical source that makes clear what the remaining concern
is, or if it is simply a lag in reports that have not recognized the latest
patches.
- Dennis
Security releases for OpenJDK and Icedtea were released yesterday (Tues
Jan 17). Of course I reckon that it will take awhile for the builds to
get pushed to the distro's.
http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/
http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/
--
Unsubscribe instructions: E-mail to discuss+h...@documentfoundation.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be deleted