Bug#604852: unblock: openjdk-6/6b18-1.8.3-1

To: Moritz Muehlenhoff <jmm@debian.org>, 604852@bugs.debian.org
Subject: Bug#604852: unblock: openjdk-6/6b18-1.8.3-1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Thu, 25 Nov 2010 21:46:04 +0000
Message-id: <[🔎] 1290721564.2914.831.camel@hathi.jungle.funky-badger.org>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 604852@bugs.debian.org
In-reply-to: <[🔎] 20101124203047.2975.95100.reportbug@localhost.localdomain>
References: <[🔎] 20101124203047.2975.95100.reportbug@localhost.localdomain>

On Wed, 2010-11-24 at 21:30 +0100, Moritz Muehlenhoff wrote:
> Please unblock package openjdk-6. It fixes CVE-2010-3860.

It also FTBFS on a couple of architectures so far (although the ia64
failure looks to be one of the recent tar issues, rather than an openjdk
issue).

>From the description of the CVE in upstream's changelog / NEWS files I
can spot some of the changes which were involved in fixing the security
issue, but the (undocumented afaics) change to bundling CACAO rather
than using the cacao-source package during build means that even a diff
filtered to remove build system noise, documentation, etc. comes to

 848 files changed, 334186 insertions(+), 160 deletions(-)

which there's clearly no way to sanely review; it's probably worth
comparing that to the old cacao-source to see how significant the diff
there is, but I haven't had time to do that yet.

Regards,

Adam

Reply to:

References:
- Bug#604852: unblock: openjdk-6/6b18-1.8.3-1
  - From: Moritz Muehlenhoff <jmm@debian.org>

Prev by Date: Re: freeze exception -- bugzilla3 3.6.3.0-1
Next by Date: Re: Fixing speech-dispatcher with flite
Previous by thread: Bug#604852: unblock: openjdk-6/6b18-1.8.3-1
Next by thread: Bug#604853: unblock: systemtap/1.2-5
Index(es):
- Date
- Thread