Is sun-java6 6.26-0squeeze1 vulnerable to CVE-2012-1723?
Niels Thykier
niels at thykier.net
Tue Aug 14 21:21:48 UTC 2012
On 2012-08-14 23:16, Kevin wrote:
> Sorry if this has been addressed elsewhere. I searched the list and bug reports and didn't see anything.
>
> I'm running Squeeze and today Iceweasel informed me that Java Plug-in 1.6.0_26 is insecure and recommended disabling it.
>
> Versions below 1.6.0_33 or between 1.7.0 and 1.7.0_5 are now in the Mozilla "blocklist":
>
> https://addons.mozilla.org/en-US/firefox/blocked/p119
> https://bugzilla.mozilla.org/show_bug.cgi?id=780717
>
> My question is, is sun-java6 6.26-0squeeze1 vulnerable to CVE-2012-1723? If yes, this is a bug against sun-java6 to update the package. If no, I need to file a bug against mozilla's blocklist for incorrectly flagging this version as insecure.
>
> Thanks,
> Kevin
>
Hi,
It is quite possible that sun-java6 is vulnerable to that CVE; I haven't
checked. The problem is that we cannot do anything about it as we do
not have permission to distribute updates for sun-java6[1]...
~Niels
[1]
http://sylvestre.ledru.info/blog/sylvestre/2011/08/26/sun_java6_packages_removed_from_debian_u
More information about the pkg-java-maintainers
mailing list