Bug#463501: allows unauthorized remote arbitrary code execution (CVE-2007-5689)
fixed 463501 1.5.0-13-1 thanks Hi Philippe, * Philippe Cloutier [EMAIL PROTECTED] [2008-02-01 09:54]: Package: sun-java5 Version: 1.5.0-10-3 Severity: critical Tags: security, fixed-upstream 1.5.0-10 is vulnerable to CVE-2007-5689 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5689 From http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5689 : [...] Note that non-free is not supported by the security team so don't expect this will be fixed by the stable security team. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpfFHOhyfWqR.pgp Description: PGP signature
Bug#463501: allows unauthorized remote arbitrary code execution (CVE-2007-5689)
Package: sun-java5 Version: 1.5.0-10-3 Severity: critical Tags: security, fixed-upstream 1.5.0-10 is vulnerable to CVE-2007-5689 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5689 From http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5689 : Overview The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. Impact CVSS Severity (version 2.0): CVSS v2 Base score: 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend) Impact Subscore: 10.0 Exploitability Subscore: 10.0