jdk14 MINIMAL=true and XPM vuln
Matthew George
mdg at secureworks.net
Tue Nov 30 11:32:04 PST 2004
Ok, so open-motif, the origin of libXm is marked in vuXML due to the XPM
vulnerabilities. The jdk is in vuXML due to the javascript unsafe
class loading issue. Since the jdk issue is with the browser plugin, I
figured I'd be ok using MINIMAL=true to skip the plugin, but now I'm
tripping over open-motif. I'd like to understand the relationship
between the two a little more before proceeding. From the CVS history,
I see a note that libXm is statically linked into libawt. It seems like
this is a non-issue for me since I'm precompiling a package that is
intended for use on servers that won't run X, but I'd like to get some
kind of confirmation before I go ahead and override the vulnerability check.
--
Matthew George
SecureWorks Technical Operations
More information about the freebsd-java
mailing list