Date:      Tue, 17 May 2005 09:24:07 +0300 (EEST)
From:      Achilleus Mantzios <achill@matrix.gatewaynet.com>
To:        Alfred Perlstein <alfred@freebsd.org>
Cc:        java@freebsd.org
Subject:   Re: What's up with java and security?
Message-ID:  <Pine.LNX.4.44.0505170913270.6900-100000@matrix.gatewaynet.com>
In-Reply-To: <20050517033420.GB62055@elvis.mu.org>

Alfred Perlstein wrote on May 16, 2005:

> I wanted to play with java, but it looks like all the ports we
> have are busted...
> 
> jdk13 native has issues:
> ===>  jdk-1.3.1p9_5 has known vulnerabilities:
> => jdk/jre -- Security Vulnerability With Java Plugin.
>    Reference: <http://www.FreeBSD.org/ports/portaudit/ac619d06-3ef8-11d9-8741-c942c075aa41.html>

jdk13 is a little outdated nowadays, right?

> 
> 
> jdk14 depends on linux-sun-jdk14 which has issues:
> ===>  linux-sun-jdk-1.4.2.08_1 has known vulnerabilities:
> => jdk -- jar directory traversal vulnerability.
>    Reference: <http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a.html>
> 

Check your jar-based installations every time before you proceed,
for malicious ../ files.
Anyways, a jar file in 99% of cases is meant to be used
as a class repository and not as a replacement for tar.


> Is Sun planning on fixing this?
> 
> 

-- 
-Achilleus
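
The check suggested in the reply above, as an added example that is not part of the original message: list a jar's entries before extracting it and flag any name that contains a `..` component or is an absolute path. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile


def unsafe_jar_entries(jar):
    """Return entry names that could be written outside the extraction directory.

    `jar` is a path or a file-like object. A jar is a zip archive, so the
    standard zipfile module can read its entry names without extracting.
    """
    flagged = []
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            # Some extractors treat backslashes as separators, so check both.
            norm = name.replace("\\", "/")
            parts = norm.split("/")
            # Absolute POSIX path or a drive-letter path such as C:/...
            absolute = norm.startswith("/") or (len(norm) > 1 and norm[1] == ":")
            # Any ".." component is flagged, even if it would not leave the root:
            # a class repository has no reason to contain one.
            if absolute or ".." in parts:
                flagged.append(name)
    return flagged


def build_sample_jar():
    """Build a constructed in-memory jar with two unsafe entries (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("com/example/Main.class", b"\xca\xfe\xba\xbe")
        zf.writestr("../../outside.txt", "constructed traversal entry")
        zf.writestr("/tmp/absolute.txt", "constructed absolute entry")
        zf.writestr("docs/a..b.txt", "benign name that merely contains dots")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry in unsafe_jar_entries(build_sample_jar()):
        print("unsafe entry:", entry)
```

Pass a real jar's path to `unsafe_jar_entries` in place of the sample; an empty result means no entry name matched either pattern.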


