From owner-freebsd-java@FreeBSD.ORG  Tue Sep 29 05:27:15 2009
Return-Path: <owner-freebsd-java@FreeBSD.ORG>
Delivered-To: freebsd-java@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 336E1106566B;
	Tue, 29 Sep 2009 05:27:15 +0000 (UTC)
	(envelope-from wcai@xwarelabs.org)
Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.251])
	by mx1.freebsd.org (Postfix) with ESMTP id B8A2C8FC12;
	Tue, 29 Sep 2009 05:27:14 +0000 (UTC)
Received: by an-out-0708.google.com with SMTP id d14so1781505and.13
	for <multiple recipients>; Mon, 28 Sep 2009 22:27:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.80.2 with SMTP id d2mr4036391anb.35.1254200727929; Mon, 28 
	Sep 2009 22:05:27 -0700 (PDT)
X-Originating-IP: [202.8.27.5]
In-Reply-To: <19137.36221.789093.590674@jerusalem.litteratus.org>
References: <20090928101048.GA1189@phenom.cordula.ws>
	<20090929034837.GA56588@misty.eyesbeyond.com>
	<19137.36221.789093.590674@jerusalem.litteratus.org>
X-Goomoji-Body: true
Date: Tue, 29 Sep 2009 13:05:27 +0800
Message-ID: <fb734c250909282205yafe36dbqc8020b21335ae1ed@mail.gmail.com>
From: Wenliang Cai <wcai@xwarelabs.org>
To: Robert Huff <roberthuff@rcn.com>
Content-Type: multipart/related; boundary=0050450176f4dd84020474b05cf4
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: Greg Lewis <glewis@freebsd.org>, cpghost <cpghost@cordula.ws>,
	freebsd-questions@freebsd.org, freebsd-java@freebsd.org
Subject: Re: java/jdk16 vulnerability?
X-BeenThere: freebsd-java@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting Java to FreeBSD <freebsd-java.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-java>,
	<mailto:freebsd-java-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-java>
List-Post: <mailto:freebsd-java@freebsd.org>
List-Help: <mailto:freebsd-java-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-java>,
	<mailto:freebsd-java-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2009 05:27:15 -0000

--0050450176f4dd84020474b05cf4
Content-Type: text/plain; charset=UTF-8

Perhaps we can have a specific page to show the recommended JDK version for
all people including these who are not in the list... [?]

On Tue, Sep 29, 2009 at 12:30 PM, Robert Huff <roberthuff@rcn.com> wrote:

>
> Greg Lewis writes:
>
> >  >   Your installed version of Java is vulnerable to a severe remote
> >  >   exploit (remote code execution!). You must upgrade to at least Java
> >  >   5 update 20 or Java 6 update 15 as soon as possible. Freenet has
> >  >   disabled any plugins handling XML for the time being, but this
> >  >   includes searching and chat so you should upgrade ASAP!
> >
> >  We're almost certainly vulnerable.  The jdk16 port is at Update 3.
>
>
> >  We need an entry in the VUXML database I guess.
> >
> >  Updating java/jdk16 is going to be a slow process.  There are
> >  lots of changes between Update 3 and Update 15.  I've partially
> >  merged Update 4, but obviously that still leaves many to go...
>
>         As someone with zero knowledge of Java internals: what is the
> recommended version at the moment?
>
>
>                                Robert Huff
>
> _______________________________________________
> freebsd-java@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-java
> To unsubscribe, send any mail to "freebsd-java-unsubscribe@freebsd.org"
>

--0050450176f4dd84020474b05cf4--