Bug#604852: unblock: openjdk-6/6b18-1.8.3-1
On Wed, 2010-11-24 at 21:30 +0100, Moritz Muehlenhoff wrote:
> Please unblock package openjdk-6. It fixes CVE-2010-3860.
It also FTBFS on a couple of architectures so far (although the ia64
failure looks to be one of the recent tar issues, rather than an openjdk
issue).
From the description of the CVE in upstream's changelog / NEWS files I
can spot some of the changes which were involved in fixing the security
issue, but the (undocumented afaics) change to bundling CACAO rather
than using the cacao-source package during build means that even a diff
filtered to remove build system noise, documentation, etc. comes to
848 files changed, 334186 insertions(+), 160 deletions(-)
which there's clearly no way to sanely review; it's probably worth
comparing that to the old cacao-source to see how significant the diff
there is, but I haven't had time to do that yet.
Regards,
Adam