From: Robert Huff
Date: Tue, 29 Sep 2009 00:30:53 -0400
To: Greg Lewis
Cc: Greg Lewis, cpghost, freebsd-questions@freebsd.org, freebsd-java@freebsd.org
Subject: Re: java/jdk16 vulnerability?
Message-ID: <19137.36221.789093.590674@jerusalem.litteratus.org>
In-Reply-To: <20090929034837.GA56588@misty.eyesbeyond.com>
References: <20090928101048.GA1189@phenom.cordula.ws> <20090929034837.GA56588@misty.eyesbeyond.com>

Greg Lewis writes:

> > Your installed version of Java is vulnerable to a severe remote
> > exploit (remote code execution!). You must upgrade to at least Java
> > 5 update 20 or Java 6 update 15 as soon as possible. Freenet has
> > disabled any plugins handling XML for the time being, but this
> > includes searching and chat so you should upgrade ASAP!
>
> We're almost certainly vulnerable. The jdk16 port is at Update 3.
> We need an entry in the VUXML database I guess.
>
> Updating java/jdk16 is going to be a slow process. There are
> lots of changes between Update 3 and Update 15. I've partially
> merged Update 4, but obviously that still leaves many to go...

As someone with zero knowledge of Java internals: what is the
recommended version at the moment?

Robert Huff