Date: Tue, 12 Sep 2006 15:04:51 -0700 From: Jacques Vidrine <nectar@FreeBSD.org> To: remko@FreeBSD.org Cc: FreeBSD Security Team <security-team@FreeBSD.org>, David Robillard <david.robillard@gmail.com>, FreeBSD Questions Mailing List <freebsd-questions@freebsd.org> Subject: Re: jdk -- jar directory traversal vulnerability (CVE-2005-1080). Message-ID: <684DAC90-B7E7-4EEA-A42B-83E95D4AF830@FreeBSD.org> In-Reply-To: <45071E18.5020908@FreeBSD.org> References: <226ae0c60609121225x3a54fe80p18e85dae9c341207@mail.gmail.com> <45071E18.5020908@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2006-09-12, at 13:52:40, Remko Lodder wrote: > David Robillard wrote: >> Hi everyone, >> Are there any workaround or a patch for this security problem? >> FreeBSD Foundation's Java JDK and JRE 5.0 Update 7 binaries for >> FreeBSD 6.1/i386: >> Affected package: diablo-jdk-freebsd6.i386.1.5.0.07.00 >> Type of problem: jdk -- jar directory traversal vulnerability. >> Reference: <http://www.FreeBSD.org/ports/portaudit/18e5428f- >> ae7c-11d9-837d-000e0c2e438a.html> Many thanks, >> David > > Hello david, > > I corrected the entry, it should be fixed within little notice :) Hey, hold on a second... are you sure this has been fixed? As far as I know, Sun has never issues a patch for this vulnerability. Yay Sun! Cheers, -- Jacques Vidrine <nectar@FreeBSD.org>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?684DAC90-B7E7-4EEA-A42B-83E95D4AF830>