java/115558: linux-sun-jdk-1.6.0.02 is incorrectly marked as vulnerable
Ronald Klop
ronald-freebsd8 at klop.yi.org
Wed Aug 15 11:20:01 PDT 2007
>Number: 115558
>Category: java
>Synopsis: linux-sun-jdk-1.6.0.02 is incorrectly marked as vulnerable
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-java
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Aug 15 18:20:00 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Ronald Klop
>Release: FreeBSD 6.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD 6.2-STABLE #29: Sat Jul 14 14:44:18 CEST 2007
root at guido.klop.ws:/usr/obj/usr/src/sys/GUIDO
>Description:
I don't know if this is a 'java' issue or a 'ports' issue; sorry if the category is wrong.
But the port linux-sun-jdk-1.6.0.02 is marked as vulnerable by portaudit/vuxml, which is incorrect, I think.
# portaudit -adF
auditfile.tbz 100% of 43 kB 30 kBps
New database installed.
Database created: Tue Aug 14 01:10:01 CEST 2007
Affected package: linux-sun-jdk-1.6.0.02
Type of problem: jdk -- jar directory traversal .
Reference: <http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a.html>
>How-To-Repeat:
install portaudit
try to install linux-sun-jdk-1.6.0; this will not succeed, because portaudit thinks the port is vulnerable
>Fix:
Fix the versions of the vulnerability.
>Release-Note:
>Audit-Trail:
>Unformatted: