On 01/15/2013 10:58 AM, Dennis E. Hamilton wrote:
Again, thanks to Simon Phipps for retweeting the information. It appears that one should *not* assume that OpenJDK does not share vulnerabilities with the Oracle Java SE and JDK: The log of changes to OpenJDK for the recent vulnerability (just as indication of the Oracle updating of OpenJDK): <http://mail.openjdk.java.net/pipermail/jdk7u-dev/2013-January/005354.html> The CVE: <http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html> There is still reporting that this update is not a complete fix. I have not found a reliable technical source that makes clear what the remaining concern is, or if it is simply a lag in reports that have not recognized the latest patches. - Dennis
Security releases for OpenJDK and Icedtea were released yesterday (Tues Jan 17). Of course I reckon that it will take awhile for the builds to get pushed to the distro's. <http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/> <http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/> -- Unsubscribe instructions: E-mail to discuss+help@documentfoundation.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted