I found CVE-2013-0422 on the TODO list: https://security-tracker.debian.org/tracker/status/todo

Cheers,
Andreas

---

Andreas Kuckartz:
> David Gerard:
>> I would assume the recent JDK7 hole would also affect OpenJDK7, given
>> they're pretty much the same codebase.
>>
>> But OpenJDK6 is based on OpenJDK7, cut down to pass JCK6. Has anyone
>> checked if OpenJDK6 is vulnerable?
>
> CERT states this:
>
> "Systems Affected
>
> Any system using Oracle Java 7 (1.7, 1.7.0) including
>
> Java Platform Standard Edition 7 (Java SE 7)
> Java SE Development Kit (JDK 7)
> Java SE Runtime Environment (JRE 7)
> OpenJDK 7 and 7u
> IcedTea 2.x (IcedTea7 2.x)
>
> All versions of Java 7 through update 10 are affected. Web browsers
> using the Java 7 plug-in are at high risk."
>
> "Revision History
>
> January 10, 2013: Initial release
> January 14, 2013: Added fix information per Java 7u11 release
> January 15, 2013: Added OpenJDK and IcedTea to Systems Affected"
>
> http://www.us-cert.gov/cas/techalerts/TA13-010A.html
>
> Debian states that OpenJDK6 and OpenJDK7 are not vulnerable regarding
> CVE-2013-0422:
> https://security-tracker.debian.org/tracker/CVE-2013-0422
> https://security-tracker.debian.org/tracker/source-package/openjdk-7
>
> *But*
>
> "There's currently a technical problem with the Tracker not updating
> from the database."
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690774#15
>
> Maybe that security tracker issue has not yet been resolved?
>
> Cheers,
> Andreas