From: "Andrew Pantyukhin"
Sender: infofarmer@gmail.com
Date: Wed, 13 Sep 2006 15:00:49 +0400
To: "Jacques Vidrine"
Cc: FreeBSD Security Team, remko@freebsd.org, David Robillard, FreeBSD Questions Mailing List
Subject: Re: jdk -- jar directory traversal vulnerability (CVE-2005-1080).

On 9/13/06, Jacques Vidrine wrote:
>
> On 2006-09-12, at 13:52:40, Remko Lodder wrote:
>
> > David Robillard wrote:
> >> Hi everyone,
> >> Are there any workaround or a patch for this security problem?
> >> FreeBSD Foundation's Java JDK and JRE 5.0 Update 7 binaries for
> >> FreeBSD 6.1/i386:
> >> Affected package: diablo-jdk-freebsd6.i386.1.5.0.07.00
> >> Type of problem: jdk -- jar directory traversal vulnerability.
> >> Reference:
> >> ae7c-11d9-837d-000e0c2e438a.html>
> >> Many thanks,
> >> David
> >
> > Hello David,
> >
> > I corrected the entry, it should be fixed within little notice :)
>
> Hey, hold on a second... are you sure this has been fixed? As far as
> I know, Sun has never issued a patch for this vulnerability. Yay Sun!

http://www.freshports.org/java/jdk15/files.php?message_id=200505120414.j4C4EqNR029930@repoman.freebsd.org

FreeBSD != Sun