Date: Wed, 11 Jun 2008 14:54:01 -0400 From: Geoff Franks <gfranks@hwi.buffalo.edu> To: <freebsd-java@FreeBSD.org> Subject: Linux-sun-jdk16 security advisory Message-ID: <C4759789.11658%gfranks@hwi.buffalo.edu>
next in thread | raw e-mail | index | archive | help
I installed linux-sun-jdk16 last week, and it required the jdk-6u3 files. I went to reinstall it today (long story, but I uninstalled it on Friday, and am starting over). However, now it requires the jdk-6u6 files. After I grabbed those, I went to re-install with portinstall, and now I get an error saying that this version has known vulnerabilities: ====================================================================== ===> linux-sun-jdk-1.6.0.06 has known vulnerabilities: => jdk -- jar directory traversal vulnerability. Reference: <http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a .html> => Please update your ports tree and try again. *** Error code 1 When I go to the link, it mentions nothing about java 1.6, and nothing over a java 1.5.0p1_1. Is this a new vulnerability that the portaudit page hasn't been updated for, or is this wrongly applying to jdk16? Geoff Franks Sr. Systems Administrator Hauptman Woodward Institute
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C4759789.11658%gfranks>