Date: Wed, 13 Sep 2006 15:00:49 +0400 From: "Andrew Pantyukhin" <infofarmer@FreeBSD.org> To: "Jacques Vidrine" <nectar@freebsd.org> Cc: FreeBSD Security Team <security-team@freebsd.org>, remko@freebsd.org, David Robillard <david.robillard@gmail.com>, FreeBSD Questions Mailing List <freebsd-questions@freebsd.org> Subject: Re: jdk -- jar directory traversal vulnerability (CVE-2005-1080). Message-ID: <cb5206420609130400v608af18cvd733570a6138a8ee@mail.gmail.com> In-Reply-To: <684DAC90-B7E7-4EEA-A42B-83E95D4AF830@FreeBSD.org> References: <226ae0c60609121225x3a54fe80p18e85dae9c341207@mail.gmail.com> <45071E18.5020908@FreeBSD.org> <684DAC90-B7E7-4EEA-A42B-83E95D4AF830@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/13/06, Jacques Vidrine <nectar@freebsd.org> wrote: > > On 2006-09-12, at 13:52:40, Remko Lodder wrote: > > > David Robillard wrote: > >> Hi everyone, > >> Are there any workaround or a patch for this security problem? > >> FreeBSD Foundation's Java JDK and JRE 5.0 Update 7 binaries for > >> FreeBSD 6.1/i386: > >> Affected package: diablo-jdk-freebsd6.i386.1.5.0.07.00 > >> Type of problem: jdk -- jar directory traversal vulnerability. > >> Reference: <http://www.FreeBSD.org/ports/portaudit/18e5428f- > >> ae7c-11d9-837d-000e0c2e438a.html> Many thanks, > >> David > > > > Hello david, > > > > I corrected the entry, it should be fixed within little notice :) > > Hey, hold on a second... are you sure this has been fixed? As far as > I know, Sun has never issues a patch for this vulnerability. Yay Sun! http://www.freshports.org/java/jdk15/files.php?message_id=200505120414.j4C4EqNR029930@repoman.freebsd.org FreeBSD != Sun
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cb5206420609130400v608af18cvd733570a6138a8ee>