On 01/15/2013 10:58 AM, Dennis E. Hamilton wrote:
> Again, thanks to Simon Phipps for retweeting the information.
> 
> It appears that one should *not* assume that OpenJDK does not share 
> vulnerabilities with the Oracle Java SE and JDK:
> 
> The log of changes to OpenJDK for the recent vulnerability (just as 
> indication of the Oracle updating of OpenJDK):
> <http://mail.openjdk.java.net/pipermail/jdk7u-dev/2013-January/005354.html>
> 
> The CVE:
> <http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html>
> 
> There is still reporting that this update is not a complete fix.  I have not 
> found a reliable technical source that makes clear what the remaining concern 
> is, or if it is simply a lag in reports that have not recognized the latest 
> patches.
> 
>  - Dennis

Security releases for OpenJDK and Icedtea were released yesterday (Tues
Jan 17). Of course I reckon that it will take awhile for the builds to
get pushed to the distro's.

<http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/>
<http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/>





-- 
Unsubscribe instructions: E-mail to discuss+h...@documentfoundation.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be deleted

Reply via email to