CVE-2013-2465 is a CVE against Java, although it is against Oracle Java. It's not immediately clear to me whether or not this vulnerability is also applicable to openJDK. Can you confirm that this vulnerability does not apply to openJDK (or that it is already patched in this version)?
Labeling the file as a "virus" is probably incorrect, but my concern was that it represented an unpatched security vulnerability. Most of the other files in http://bazaar.launchpad.net/~ubuntu-security /ubuntu-cve-tracker/master/view/head:/README.virus have obvious reasons that they would constitute false positives (e.g. they are samples of exploits/viruses), but I don't see an obvious reason why this particular file would be a false positive. If this really is a false positive, then I would suggest that it's a bug in the clam database, since that means that it is detecting a Java security problem where none exists. ** Changed in: openjdk-6 (Ubuntu) Status: Invalid => New ** Also affects: clamav (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of OpenJDK, which is subscribed to openjdk-6 in Ubuntu. https://bugs.launchpad.net/bugs/1224723 Title: Clamscan finds CVE-2013-2465 in openjdk-6-jre-headless Status in “clamav” package in Ubuntu: New Status in “openjdk-6” package in Ubuntu: New Bug description: Running a clamscan on a Ubuntu 12.04.3 system reports that vunlerability CVE-2013-2465 was detected in version 6b27-1.12.6-1ubuntu0.12.04.2 of openjdk-6-jre-headless: Run this: #/usr/bin/clamscan -ri --max-filesize=100M /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/ Get this: /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar: Java.Exploit.CVE_2013_2465 FOUND To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1224723/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~openjdk Post to : [email protected] Unsubscribe : https://launchpad.net/~openjdk More help : https://help.launchpad.net/ListHelp
