** Changed in: openjdk-13 (Ubuntu)
Status: New => Won't Fix
** Changed in: openjdk-14 (Ubuntu)
Status: New => Won't Fix
** Changed in: openjdk-15 (Ubuntu)
Status: New => Won't Fix
** Changed in: openjdk-16 (Ubuntu)
Status: New => Won't Fix
** Changed in: openjdk-17
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-8 in Ubuntu.
https://bugs.launchpad.net/bugs/1933832
Title:
Path traversal leads to arbitrary file read
Status in
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
This is an ancient bug and likely no longer applies to recent releases.
As such, I am closing it.
If anyone is still hitting this issue with current releases, please file
a new bug.
** Changed in: ca-certificates-java (Ubuntu)
Status: Confirmed => Invalid
** Changed in: empathy (Ubuntu)
** Changed in: openjdk-8 (Ubuntu)
Importance: Undecided => Critical
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-8 in Ubuntu.
https://bugs.launchpad.net/bugs/1707082
Title:
regression on openjdk-8 caused by the S8169392 security
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Looks like openjdk-7 in wily now includes this. Marking as fix released.
** Changed in: openjdk-7 (Ubuntu)
Status: Incomplete => Fix Released
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-7 in Ubuntu.
cautious-launcher is an Ubuntu-specific helper that ensures .jar files
have the required executable bit set in order to comply with the
following:
https://wiki.ubuntu.com/SecurityTeam/Policies#Execute-
Permission_Bit_Required
The problem with openjdk is with this section in the rules file:
#
Actually, I've read that wrong. I think the issue is the comparison
here:
ifeq ($(java_launcher),cautious-launcher)
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-7 in Ubuntu.
https://bugs.launchpad.net/bugs/1448548
Title:
OpenJDK
** Also affects: ca-certificates-java (Ubuntu Vivid)
Importance: Undecided
Status: New
** Also affects: ca-certificates-java (Ubuntu Utopic)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to
** Changed in: nss (Ubuntu Lucid)
Status: New = Invalid
** Changed in: ca-certificates-java (Ubuntu Precise)
Status: New = Invalid
** Changed in: ca-certificates-java (Ubuntu Lucid)
Status: New = Invalid
--
You received this bug notification because you are a member of
** Changed in: openjdk-6 (Ubuntu)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in Ubuntu.
https://bugs.launchpad.net/bugs/1283828
Title:
Cannot find any provider
Thanks for reporting this.
It looks like a false positive. None of the files are detected as being
a virus once the archive is extracted, and online scanner don't detect
the file as a virus.
I've updated the list of known false positives here:
The Java.Exploit.CVE_2013_2465 virus takes advantage of unpatched
versions of Java and OpenJDK which are vulnerable to CVE-2013-2465. The
signature isn't meant to detect the vulnerability itself, but a specific
piece of malware that targets it.
OpenJDK got updated for this CVE in July:
I've submitted the false positive to ClamAV.
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in Ubuntu.
https://bugs.launchpad.net/bugs/1224723
Title:
Clamscan finds CVE-2013-2465 in openjdk-6-jre-headless
Status in “clamav” package
*** This bug is a duplicate of bug 967961 ***
https://bugs.launchpad.net/bugs/967961
** This bug has been marked a duplicate of bug 967961
package ca-certificates-java 20110912ubuntu3.1 failed to install/upgrade:
ErrorMessage: subprocess installed post-installation script returned error
*** This bug is a duplicate of bug 967961 ***
https://bugs.launchpad.net/bugs/967961
** This bug has been marked a duplicate of bug 967961
package ca-certificates-java 20110912ubuntu3.1 failed to install/upgrade:
ErrorMessage: subprocess installed post-installation script returned error
*** This bug is a duplicate of bug 967961 ***
https://bugs.launchpad.net/bugs/967961
** This bug has been marked a duplicate of bug 967961
package ca-certificates-java 20110912ubuntu3.1 failed to install/upgrade:
ErrorMessage: subprocess installed post-installation script returned error
*** This bug is a duplicate of bug 967961 ***
https://bugs.launchpad.net/bugs/967961
** This bug has been marked a duplicate of bug 967961
package ca-certificates-java 20110912ubuntu3.1 failed to install/upgrade:
ErrorMessage: subprocess installed post-installation script returned error
-java (Ubuntu Oneiric)
Assignee: (unassigned) = Marc Deslauriers (mdeslaur)
** Changed in: ca-certificates-java (Ubuntu Oneiric)
Importance: Undecided = High
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu
*** This bug is a duplicate of bug 967961 ***
https://bugs.launchpad.net/bugs/967961
** This bug has been marked a duplicate of bug 967961
package ca-certificates-java 20110912ubuntu3.1 failed to install/upgrade:
ErrorMessage: subprocess installed post-installation script returned error
** Summary changed:
- ca-certificates-java tries to call java binary before it's installed
+ multiarch broke circular dependency workaround
** Changed in: ca-certificates-java (Ubuntu)
Milestone: None = ubuntu-12.04-beta-2
** Changed in: ca-certificates-java (Ubuntu)
Assignee:
** Changed in: ca-certificates-java (Ubuntu)
Assignee: Canonical Foundations Team (canonical-foundations) = Marc
Deslauriers (mdeslaur)
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https
** Also affects: ca-certificates-java (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects: ca-certificates-java (Ubuntu Precise)
Importance: Undecided
Assignee: Marc Deslauriers (mdeslaur)
Status: New
** Changed in: ca-certificates-java (Ubuntu Lucid
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/962378
Title:
ca-certificates-java tries to call java binary before it's installed
Status in “ca-certificates-java” package in
Public bug reported:
The postinst tries to call java without it being available...
root@sec-precise-amd64:/etc# apt-get install ca-certificates-java
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically
Public bug reported:
Apport hook crashes because of lack of appropriate privileges:
mdeslaur@sec-precise-amd64:~$ ubuntu-bug ca-certificates-java
ERROR: hook /usr/share/apport/general-hooks/ubuntu.py crashed:
Traceback (most recent call last):
File
** Package changed: ca-certificates-java (Ubuntu) = apport (Ubuntu)
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/962381
Title:
apport hook crashes because of lack of
ca-certificates-java and openjdk-6-jre-headless have circular
dependencies
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/962378
Title:
ca-certificates-java tries to call java
The ca-certificates-java postinst tries to work around the circular
dependency with the following:
setup_path()
{
for jvm in java-6-openjdk java-7-openjdk java-6-sun; do
if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
break
fi
done
export
Argh, stupid copy paste...reposting info to get readable layout:
First bug: natty and earlier's ca-certificates-java hook doesn't strip
the right filename extension, so the DigiNotar cert doesn't get removed
from the java store when ca-certificates is upgraded.
Second bug: oneiric and later's
Testing has revealed a whole slew of issues with the way the debian
packaging attemps to update the java cert store:
bug #1: natty and earlier's ca-certificates-java hook doesn't strip the right
filename extension,
so the DigiNotar cert doesn't get removed from the java store when
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3555
--
Jaunty icedtea6-plugin doesn’t work in Firefox 3.5
https://bugs.launchpad.net/bugs/359407
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.
Status in
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3555
--
Applets use 100% of CPU
https://bugs.launchpad.net/bugs/551328
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.
Status in OpenJDK: Confirmed
Status
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3555
--
wrong metric for Chinese font in OpenJDK applications
https://bugs.launchpad.net/bugs/472845
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.
Status
45 matches
Mail list logo