CVE-2013-2465 is a CVE against Java, although it is against Oracle Java.
It's not immediately clear to me whether or not this vulnerability is
also applicable to openJDK. Can you confirm that this vulnerability
does not apply to openJDK (or that it is already patched in this
version)?
Labeling
The Java.Exploit.CVE_2013_2465 virus takes advantage of unpatched
versions of Java and OpenJDK which are vulnerable to CVE-2013-2465. The
signature isn't meant to detect the vulnerability itself, but a specific
piece of malware that targets it.
OpenJDK got updated for this CVE in July:
I've submitted the false positive to ClamAV.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in Ubuntu.
https://bugs.launchpad.net/bugs/1224723
Title:
Clamscan finds CVE-2013-2465 in openjdk-6-jre-headless
To manage