CVE-2013-2465 is a CVE against Java, although it is against Oracle Java. It's not immediately clear to me whether or not this vulnerability is also applicable to openJDK. Can you confirm that this vulnerability does not apply to openJDK (or that it is already patched in this version)?
Labeling the file as a "virus" is probably incorrect, but my concern was that it represented an unpatched security vulnerability. Most of the other files in http://bazaar.launchpad.net/~ubuntu-security /ubuntu-cve-tracker/master/view/head:/README.virus have obvious reasons that they would constitute false positives (e.g. they are samples of exploits/viruses), but I don't see an obvious reason why this particular file would be a false positive. If this really is a false positive, then I would suggest that it's a bug in the clam database, since that means that it is detecting a Java security problem where none exists. ** Changed in: openjdk-6 (Ubuntu) Status: Invalid => New ** Also affects: clamav (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1224723 Title: Clamscan finds CVE-2013-2465 in openjdk-6-jre-headless To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1224723/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs