On 23.03.2015 17:04, Emmanuel Bourg wrote:
> On 23/03/2015 16:43, Moritz Muehlenhoff wrote:
>> *ping*, the release is getting closer.
> I'm still missing a test case to ensure the patch does indeed address
> the issue.


A way to reproduce this issue was mentioned by upstream here:


To clarify:

CVE-2012-6153 was assigned because of an incomplete fix for
CVE-2012-5783. The latter is already addressed in Debian's package.

However, CVE-2012-6153 was still incomplete, so CVE-2014-3577 had to
be created.

See this comment in Red Hat's bug tracker.


The fix for CVE-2014-3577 is supposed to fix CVE-2012-5783 and
CVE-2012-6153, which means we have to replace the current


with the one Raphael Hertzog mentioned earlier in this thread.


By the way

in wheezy and squeeze is also affected by CVE-2014-3577.

I will try to verify that the CentOS patch works.




This is the maintainer address of Debian's Java team
Please use
debian-j...@lists.debian.org for discussions and questions.
