I'm going to set the Status to "Confirmed"; as per
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102934-1

---
A buffer overflow vulnerability in the image parsing code in the Java Runtime 
Environment may allow an untrusted applet or application to elevate its 
privileges. For example, an applet may grant itself permissions to read and 
write local files or execute local applications that are accessible to the user 
running the untrusted applet.

A second vulnerability may allow an untrusted applet or application to
cause the Java Virtual Machine to hang.

Sun acknowledges, with thanks, Chris Evans of the Google Security Team,
for bringing these issues to our attention.

These issues are also referenced in the following documents:

CVE-2007-2788 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788

CVE-2007-2789 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789
---

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2788

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2789

** Changed in: sun-java6 (Ubuntu)
       Status: New => Confirmed

-- 
Java has Huge Security Vulnerability, should be updated to 6update2
https://bugs.launchpad.net/bugs/126059
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs