** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
** Package changed: ubuntu => openjdk-6 (Ubuntu)
** Changed in: openjdk-6 (Ubuntu)
Status: New => Confirmed
** Changed in: openjdk-6 (Ubuntu)
Status: Confirmed => Triaged
** Changed in: openjdk-6 (Ubuntu)
Importance: Undecided => Medium
--
IcedTea6 1.8pre (6b18~pre3-0ubuntu1) buffer overflow, possible crasher
https://bugs.launchpad.net/bugs/552287
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.
Status in “openjdk-6” package in Ubuntu: Triaged
Bug description:
See Mozilla bug https://bugzilla.mozilla.org/show_bug.cgi?id=555342.
(Apologies for this report, I'm not the person who discovered this bug and am
relaying the discoverer's information.)
1) Ubuntu 10.04 b1
2) IcedTea6 1.8pre (6b18~pre3-0ubuntu1)
3) No buffer overflow
4) Buffer overflow
See the steps to reproduce in the Mozilla bug; the buffer overflow is more
dramatic in Firefox nightlies with out-of-process plugins because it always
results in a crash in the plugin subprocesses. It will only sometimes result
in a crash of the Firefox process.
It's easier to just paste a fix for this bug than describe it more. The diff
is against http://icedtea.classpath.org/hg/icedtea6 revision 911fc7449289.
Marking security vulnerability for safety; I think this would be hard to
exploit.
_______________________________________________
Mailing list: https://launchpad.net/~openjdk
Post to : [email protected]
Unsubscribe : https://launchpad.net/~openjdk
More help : https://help.launchpad.net/ListHelp
