On Tue, May 12, 2009 at 11:42 AM, Andreas Heinlein <aheinl...@gmx.com> wrote:
> Hello,
>
> I am wondering what the security status of openjdk, sun-java6 and
> sun-java5 in hardy is. After the latest security holes were discovered
> in the Sun JRE 6u12 and Sun JRE6u13 was released, fixes were released as
> well for openjdk packages for intrepid and jaunty, because openjdk is in
> main for these distributions.
>
> I contacted Kees Cook for updated hardy packages, and he told me that
> since openjdk is in universe for hardy, he cannot do anything except
> wait for updated packages. Several weeks have passed since then, updated
> Debian lenny packages for openjdk6b11 have been released in the
> meantime, but still no hardy update.
>
> He pointed me to a CVE tracker of Ubuntu packages
> (http://people.ubuntu.com/~ubuntu-security/cve/universe-all.html#universe)
> which shows e.g. CVE-2009-1096 is still open for hardy.
>
> If I'm correct, this means that there is currently no security-hole free
> java runtime for hardy, at least none with a usable web browser plugin
> (I do not consider gcjwebplugin usable...). This is bad, especially
> since hardy is an LTS release.
>
> Can someone here tell me how to "Push" things a little in order to get
> this fixed?

Hi Andreas,

Packages located in universe are generally maintained by motu-swat and
contributors. We would love to have your assistance within the motu-swat
team. The following resources will assist you in getting started. Also
feel free to drop by #ubuntu-hardened or hunt me down on irc :)

https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
https://wiki.ubuntu.com/SecurityTeam
https://wiki.ubuntu.com/StableReleaseUpdates
https://wiki.ubuntu.com/MOTU/GettingStarted

Regards,
Stefan
stefanlsd (freenode)