sun-java6 package from Partner Repo has critical vulnerability
Bug #695774 reported by
johnf
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sun-java6 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
The current version of sun-java6 from the partner repo is 6.22-0ubuntu1~
This package needs to be updated to 6.23, as it is vulnerable to CVE-2010-0840 (and a number of others).
Canonical/Ubuntu released a fix for this CVE for the OpenJDK version on the 7th of April of this year (2010):
CVE References
To post a comment you must log in.
Ok, apparently 6.23 isn't required, 6.22 addresses the most recent CVE for java, http:// people. canonical. com/~ubuntu- security/ cve/2010/ CVE-2010- 3574.html