java/jdk16 vulnerability?
Wenliang Cai
wcai at xwarelabs.org
Tue Sep 29 05:27:15 UTC 2009
Perhaps we can have a specific page to show the recommended JDK version for
all people including these who are not in the list... [?]
On Tue, Sep 29, 2009 at 12:30 PM, Robert Huff <roberthuff at rcn.com> wrote:
>
> Greg Lewis writes:
>
> > > Your installed version of Java is vulnerable to a severe remote
> > > exploit (remote code execution!). You must upgrade to at least Java
> > > 5 update 20 or Java 6 update 15 as soon as possible. Freenet has
> > > disabled any plugins handling XML for the time being, but this
> > > includes searching and chat so you should upgrade ASAP!
> >
> > We're almost certainly vulnerable. The jdk16 port is at Update 3.
>
>
> > We need an entry in the VUXML database I guess.
> >
> > Updating java/jdk16 is going to be a slow process. There are
> > lots of changes between Update 3 and Update 15. I've partially
> > merged Update 4, but obviously that still leaves many to go...
>
> As someone with zero knowledge of Java internals: what is the
> recommended version at the moment?
>
>
> Robert Huff
>
> _______________________________________________
> freebsd-java at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-java
> To unsubscribe, send any mail to "freebsd-java-unsubscribe at freebsd.org"
>
More information about the freebsd-java
mailing list