On 01/15/2013 10:58 AM, Dennis E. Hamilton wrote: > Again, thanks to Simon Phipps for retweeting the information. > > It appears that one should *not* assume that OpenJDK does not share > vulnerabilities with the Oracle Java SE and JDK: > > The log of changes to OpenJDK for the recent vulnerability (just as > indication of the Oracle updating of OpenJDK): > <http://mail.openjdk.java.net/pipermail/jdk7u-dev/2013-January/005354.html> > > The CVE: > <http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html> > > There is still reporting that this update is not a complete fix. I have not > found a reliable technical source that makes clear what the remaining concern > is, or if it is simply a lag in reports that have not recognized the latest > patches. > > - Dennis
Security releases for OpenJDK and Icedtea were released yesterday (Tues Jan 17). Of course I reckon that it will take awhile for the builds to get pushed to the distro's. <http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/> <http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/> -- Unsubscribe instructions: E-mail to discuss+h...@documentfoundation.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted