From owner-freebsd-java@FreeBSD.ORG Tue Sep 6 17:00:00 2011 Return-Path: Delivered-To: java@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 26BBE1065674 for ; Tue, 6 Sep 2011 17:00:00 +0000 (UTC) (envelope-from utisoft@gmail.com) Received: from mail-yi0-f54.google.com (mail-yi0-f54.google.com [209.85.218.54]) by mx1.freebsd.org (Postfix) with ESMTP id D842B8FC16 for ; Tue, 6 Sep 2011 16:59:58 +0000 (UTC) Received: by yib19 with SMTP id 19so4916723yib.13 for ; Tue, 06 Sep 2011 09:59:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=5fDRuCB5xxEhPETJFV2qPfRg//Ot5gv/UUDZucGVHho=; b=BYqLAxGm1jCiGZPIPOyTG91GmjmpSe/Z9HFRzlDxh7Z6EEUCVK6xogcGicoB03ourb kVk4T5Ih/8c73kC4/MODj+40LzztFUNvTNAUxVUgPX8I5KTjtT25Zv/O8YJjMWMfFhH7 f16DbtUQqVFOVn/+Ls7dXRq3p4L1QifobFIRg= Received: by 10.43.44.73 with SMTP id uf9mr4808552icb.507.1315328398070; Tue, 06 Sep 2011 09:59:58 -0700 (PDT) MIME-Version: 1.0 Sender: utisoft@gmail.com Received: by 10.231.61.148 with HTTP; Tue, 6 Sep 2011 09:59:28 -0700 (PDT) In-Reply-To: <20110906042713.GA70947@misty.eyesbeyond.com> References: <20110906042713.GA70947@misty.eyesbeyond.com> From: Chris Rees Date: Tue, 6 Sep 2011 17:59:28 +0100 X-Google-Sender-Auth: 52aX08HuCIqMcHfUa6o-n87D71Y Message-ID: To: Greg Lewis Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: java@freebsd.org Subject: Re: CVE for Java X-BeenThere: freebsd-java@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting Java to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Sep 2011 17:00:00 -0000 On 6 Sep 2011 05:27, "Greg Lewis" wrote: > > G'day Chris, > > On Sat, Sep 03, 2011 at 11:36:49AM +0100, Chris Rees wrote: > > Hey all, > > > > Should there be a vuxml for this? I'm happy to write one if necessary. > > > > http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-3= 05811.html > > All the ports built from source had a patch committed for that > vulnerability back in February. =A0I think we've got the Linux ports at a= n > update that includes the fix. =A0The diablo ports are vulnerable though. > That's a bugger... Any chance of new diablo ports? I don't mind helping to build them if that's what it needs; I'm not familiar with the process of making the tarballs. We really should stick in a vuxml too-- people need kicking up the backside to update! Chris