Package: sun-java6 Version: 6-00-2 Severity: critical Tags: security, upstream
The sun-java6 version in testing is vulnerable to CVE-2007-5689 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5689 From http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5689 : Overview The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. Impact CVSS Severity (version 2.0): CVSS v2 Base score: 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend) Impact Subscore: 10.0 Exploitability Subscore: 10.0 This is fixed in the unstable version, which is waiting a missing ia64 build or to be forced to migrate.