Andrew John Hughes
gnu_andrew at member.fsf.org
Mon Dec 7 05:29:46 PST 2009
2009/12/7 Deepak Mathews <deepak2427 at gmail.com>:
> Thank you Tim for your prompt reply.
> Actually, there are more security issues...
This latest batch went into OpenJDK in b77:
> These are the bug ids.
> 269868, 269869, 269870, 270474, 270475, 270476
These are all specific to the Sun JDK (deployment and plugin/web start
related issues) and affect code not in OpenJDK.
Using the bud IDs on that link, you can trivially check whether they
are in OpenJDK are not using hg log -k <bug id>:
The rest I assume are bugs in Sun proprietary code.
> On Mon, Dec 7, 2009 at 11:09 AM, Tim Bell <Tim.Bell at sun.com> wrote:
>> Deepak Mathews wrote:
>> > Does OpenJDK share a lot of codebase with SunJDK.
>> Yes, it does.
>> > There was a security issue for SunJDK...
>> ... ?? specific details please ??
>> > A command execution vulnerability in the Java Runtime Environment
>> > Toolkit may be leveraged to execute arbitrary code. This may occur as the
>> > result of a user of the Java Runtime Environment viewing a specially
>> > web page that exploits this vulnerability.
>> > This issue can occur in the following Java SE and Java SE for Business
>> > releases for Windows:
>> > JDK and JRE 6 Update 16 and earlier
>> > Note: JDK and JRE 5.0, and SDK and JRE 1.4.2 and 1.3.1 are not affected
>> > this issue.
>> > The security issues for SunJDK... Will this affect OpenJDK 7 also?
>> Where did you get the text pasted above? Were there bug-ID(s) referenced,
>> and if so, what were they?
>> JDK7 is currently in sync with security fixes, but we won't be
>> able to track this down for sure without more information.
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and the OpenJDK
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
More information about the jdk7-dev