Date: Wed, 11 Jun 2008 14:54:01 -0400 From: Geoff Franks <gfranks@hwi.buffalo.edu> To: <freebsd-java@FreeBSD.org> Subject: Linux-sun-jdk16 security advisory Message-ID: <C4759789.11658%gfranks@hwi.buffalo.edu>
index | next in thread | raw e-mail
I installed linux-sun-jdk16 last week, and it required the jdk-6u3 files. I went to reinstall it today (long story, but I uninstalled it on Friday, and am starting over). However, now it requires the jdk-6u6 files. After I grabbed those, I went to re-install with portinstall, and now I get an error saying that this version has known vulnerabilities: ====================================================================== ===> linux-sun-jdk-1.6.0.06 has known vulnerabilities: => jdk -- jar directory traversal vulnerability. Reference: <http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a .html> => Please update your ports tree and try again. *** Error code 1 When I go to the link, it mentions nothing about java 1.6, and nothing over a java 1.5.0p1_1. Is this a new vulnerability that the portaudit page hasn't been updated for, or is this wrongly applying to jdk16? Geoff Franks Sr. Systems Administrator Hauptman Woodward Institutehome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C4759789.11658%gfranks>