Univention Bugzilla – Bug 38303
openjdk-6 (3.2)
Last modified: 2015-08-21 13:13:57 CEST
New security vulnerabilities have been reported for openssl-6. Specific details are not available:
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
* Incorrect handling of phantom references (CVE-2015-0460)
* Layout engine glyphStorage off-by-one (CVE-2015-0469)
* Incorrect permissions check in resource loading (CVE-2015-0477)
* RSA implementation hardening (CVE-2015-0478)
* Jar directory traversal issues (CVE-2015-0480)
* Certificate options parsing uncaught exception (CVE-2015-0488)
This is openjdk-6. Fixed in upstream Debian package version 6b35-1.13.7-1~deb6u1
New issues reported, see Bug 38929.
Also fixed in that release:
* bypass certain Java sandbox restrictions by untrusted Java application or app due to incorrect handling of default methods (CVE-2015-0470)
CVE-2015-0470 doesn't affect openjdk-6. Advisory: 2015-08-18-openjdk-6.yaml
Advisory: OK Tests: OK
<http://errata.univention.de/ucs/3.2/359.html>