Re: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability

2013-01-18 Thread Jonathan Aquilina
with the famed Java Applet disappearing into history. > > [ ... ] > > -Original Message- > From: Simon Phipps [mailto:si...@webmink.com] > Sent: Tuesday, January 15, 2013 19:29 > To: Dennis Hamilton > Cc: lj; Libreoffice Discussion List > Subject: Re: [tdf-di

RE: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability

2013-01-18 Thread Dennis E. Hamilton
ebmink.com] Sent: Tuesday, January 15, 2013 19:29 To: Dennis Hamilton Cc: lj; Libreoffice Discussion List Subject: Re: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability I'm investigating, but the issue is a sandbox security manager bypass using unauthorised reflection and that

RE: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability

2013-01-16 Thread Dennis E. Hamilton
, January 15, 2013 19:29 To: Dennis Hamilton Cc: lj; Libreoffice Discussion List Subject: Re: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability I'm investigating, but the issue is a sandbox security manager bypass using unauthorised reflection and that's exploited using Rhino J

Re: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability

2013-01-15 Thread Simon Phipps
I'm investigating, but the issue is a sandbox security manager bypass using unauthorised reflection and that's exploited using Rhino JavaScript. So the context has to be a browser for there to be an issue even if OpenJDK is affected. See https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0422 for

RE: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability

2013-01-15 Thread Dennis E. Hamilton
Again, thanks to Simon Phipps for retweeting the information. It appears that one should *not* assume that OpenJDK does not share vulnerabilities with the Oracle Java SE and JDK: The log of changes to OpenJDK for the recent vulnerability (just as an indication of the Oracle updating of OpenJDK): <