JRE & JDK <1.4.1_02 vulnerable?

To: debian-security@lists.debian.org
Subject: JRE & JDK <1.4.1_02 vulnerable?
From: Drew Scott Daniels <umdanie8@cc.UManitoba.CA>
Date: Fri, 2 May 2003 14:13:08 -0500 (CDT)
Message-id: <Pine.GSO.4.40.0305021408280.29982-100000@antares.cc.umanitoba.ca>

http://www.securityfocus.com/bid/7109 says Sun's JRE and Java SDKs versions
less than 1.4.1_02 are vulnerable as well as IBM's JDK.

The BID seems to indicate the vulnerability is in java.util.zip

I'm not sure which versions of Java JRE's and SDKs are in Debian, but it
seems to me that in Contrib there's an IBM JDK installer that might install
an affected version.

Can someone check into these? Don't contact team@security.debian.org until
you are confident that stable or oldstable is affected.

     Drew Daniels

Reply to:

Follow-Ups:
- Re: JRE & JDK <1.4.1_02 vulnerable?
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

Prev by Date: Re: mgetty vulnerable
Next by Date: Re: MAC-based ssh
Previous by thread: Security Audit tools
Next by thread: Re: JRE & JDK <1.4.1_02 vulnerable?
Index(es):
- Date
- Thread