* Mark Wielaard: > Hi Florian, > > On Mon, 2009-06-08 at 15:08 +0200, Florian Weimer wrote: >> Was the fix for Sun Alert 246387 (aka CVE-2008-5345) included in >> OpenJDK 6b11? > > I believe CVE-2008-5345 is a catch all for a bundle of security update > patches: > http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2009-March/005209.html > which were later folded into OpenJDK6 b16: > http://mail.openjdk.java.net/pipermail/jdk6-dev/2009-April/thread.html#436
The dates don't match. Sun Alert 246387 was published in December 2008. Lillian's commit were prompted by a later round of fixes, I think.
