From owner-freebsd-java  Tue Mar 19 17:22:25 2002
Delivered-To: freebsd-java@freebsd.org
Received: from mgr2.xmission.com (mgr2.xmission.com [198.60.22.202])
	by hub.freebsd.org (Postfix) with ESMTP id C86A437B404
	for <java@freebsd.org>; Tue, 19 Mar 2002 17:22:20 -0800 (PST)
Received: from [207.135.128.145] (helo=misty.eyesbeyond.com)
	by mgr2.xmission.com with esmtp (Exim 3.22 #1)
	id 16nUny-0000e5-00; Tue, 19 Mar 2002 18:22:19 -0700
Received: (from glewis@localhost)
	by misty.eyesbeyond.com (8.11.6/8.11.6) id g2K1MCQ45998;
	Wed, 20 Mar 2002 11:52:12 +1030 (CST)
	(envelope-from glewis)
Date: Wed, 20 Mar 2002 11:52:10 +1030
From: Greg Lewis <glewis@eyesbeyond.com>
To: shudo@computer.org
Cc: java@FreeBSD.ORG
Subject: Re: [setantae@submonkey.net: [body_114818111878816447@hermes.sun.com: Sun Security Bulletin #00218]]
Message-ID: <20020320115209.C45919@misty.eyesbeyond.com>
References: <20020319162422.A26883@shikima.mine.nu> <200203200034.JAA14371@cafe.muraoka.info.waseda.ac.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200203200034.JAA14371@cafe.muraoka.info.waseda.ac.jp>; from shudo@computer.org on Wed, Mar 20, 2002 at 09:34:02AM +0900
Sender: owner-freebsd-java@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-java.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-java>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-java>
X-Loop: FreeBSD.org

On Wed, Mar 20, 2002 at 09:34:02AM +0900, shudo@computer.org wrote:
> From: Rasputin <rasputin@shikima.mine.nu>
> 
> > Sorry for the length of this - I couldn't find a URL.
> 
> The #00218 of Sun Security Bulletin is at:
>   http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=secbull/218
> We are also be able to find past bulletins at:
>   http://sunsolve.sun.com/security
> 
> > Is our SCSL version vulnerable?
> 
> Probably.  The FreeBSD port of JDK 1.3.1 is based on the source code
> of the plain 1.3.1, which is the newer one Sun provides as source
> code.  The source code of 1.4.1 and even 1.3.1_02 has not been
> released.

Shudo-san is completely correct here, although I would change the
"Probably" to "Definitely" :).  The SCSL source code base is earlier
than 1.3.1_01 which is listed as vulnerable.

-- 
Greg Lewis                            Email : glewis@eyesbeyond.com
Eyes Beyond                           Web   : http://www.eyesbeyond.com
Information Technology


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-java" in the body of the message