openjdk6 b17 is coming soon, and should fix these vulnerabilities.
On Sep 28, 2009, at 8:48 PM, Greg Lewis wrote:
> On Mon, Sep 28, 2009 at 12:10:48PM +0200, cpghost wrote:
>> Freenet (http://www.freenetproject.org/) on my FreeBSD/amd64 system
>> complains about an old and vulnerable Java version:
>> Your installed version of Java is vulnerable to a severe remote
>> exploit (remote code execution!). You must upgrade to at least Java
>> 5 update 20 or Java 6 update 15 as soon as possible. Freenet has
>> disabled any plugins handling XML for the time being, but this
>> includes searching and chat so you should upgrade ASAP!
> We're almost certainly vulnerable. The jdk16 port is at Update 3.
>> See http://www.cert.fi/en/reports/2009/vulnerability2009085.html for
>> Also, please do not use Thaw or Freetalk. The UPnP plugin is
>> enabled, it might present a risk if you have bad guys on your LAN,
>> but without it Freenet will not be able to port forward and will
>> have severe problems.
>> I'm running java/jdk16:
>> phenom# java -version
>> java version "1.6.0_03-p4"
>> Java(TM) SE Runtime Environment (build 1.6.0_03-p4-
>> Java HotSpot(TM) 64-Bit Server VM (build 1.6.0_03-p4-
>> root_08_sep_2009_17_05-b00, mixed mode)
>> On 7.2-STABLE:
>> phenom# uname -a
>> FreeBSD phenom.cordula.ws 7.2-STABLE FreeBSD 7.2-STABLE #0: Tue
>> Sep 8 10:43:26 CEST 2009 email@example.com:/usr/obj/usr/
>> src/sys/GENERIC amd64
>> Is that version of Java really vulnerable? If yes, why doesn't
>> # portaudit -Fda
>> report it as such, and could you please update the java/jdk16 port?
> We need an entry in the VUXML database I guess.
> Updating java/jdk16 is going to be a slow process. There are lots of
> changes between Update 3 and Update 15. I've partially merged
> Update 4,
> but obviously that still leaves many to go...
> Greg Lewis Email : firstname.lastname@example.org
> Eyes Beyond Web : http://
> Information Technology FreeBSD : glewis@FreeBSD.org
> email@example.com mailing list
> To unsubscribe, send any mail to "freebsd-java-